Local Authentication Vulnerability in Ivanti Workspace Control Products
CVE-2025-22463

7.3HIGH

Key Information:

Vendor: Ivanti
Status: Workspace Control
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-22463?

A local authentication vulnerability has been identified in Ivanti Workspace Control, specifically affecting versions before 10.19.10.0. This vulnerability arises from a hardcoded key that enables an authenticated local attacker to decrypt sensitive data, including the stored environment password. If exploited, this could potentially expose critical information and compromise the security of the application. Users and administrators are strongly advised to upgrade to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Workspace Control 10.19.10.0

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Jan 7, 2025