SQL Injection in Ivanti Avalanche Prior to Version 6.4.8.8008
CVE-2025-8296

7.2HIGH

Key Information:

Vendor

Ivanti
Status
Avalanche
Vendor
CVE Published:
12 August 2025

What is CVE-2025-8296?

A SQL injection vulnerability in Ivanti Avalanche prior to version 6.4.8.8008 enables remote authenticated attackers with administrative privileges to execute arbitrary SQL queries. This vulnerability poses a risk of exposing sensitive data and, under certain circumstances, may lead to remote code execution, potentially compromising the integrity of affected systems.

Affected Version(s)

Avalanche 6.4.8.8008

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-8296 : SQL Injection in Ivanti Avalanche Prior to Version 6.4.8.8008