Sensitive Information Leak in Ivanti Connect Secure Product
CVE-2025-5464

6.5MEDIUM

Key Information:

Vendor: Ivanti
Status: Connect Secure
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-5464?

A security vulnerability in Ivanti Connect Secure prior to version 22.7R2.8 allows a local authenticated attacker to insert sensitive information into a log file. This could lead to unauthorized access to confidential data, posing risks to the integrity and confidentiality of the affected systems.

Affected Version(s)

Connect Secure 22.7R2.8

References

https://forums.ivanti.com/s/article/July-Security-Advisor...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jun 2, 2025