Sensitive Information Leak in Ivanti Connect Secure Product
CVE-2025-5464

6.5MEDIUM

Key Information:

Vendor

Ivanti

Vendor
CVE Published:
8 July 2025

What is CVE-2025-5464?

A security vulnerability in Ivanti Connect Secure prior to version 22.7R2.8 allows a local authenticated attacker to insert sensitive information into a log file. This could lead to unauthorized access to confidential data, posing risks to the integrity and confidentiality of the affected systems.

Affected Version(s)

Connect Secure 22.7R2.8

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-5464 : Sensitive Information Leak in Ivanti Connect Secure Product