CNNVD-202507-1032 Information

CNNVD ID

CNNVD-202507-1032

Related CVE

CVE-2025-0292

• CNNVD Published: 2025-07-08

Description (Chinese)

Ivanti Connect Secure（ICS）和Ivanti Policy Secure（IPS）都是美国Ivanti公司的产品。Ivanti Connect Secure是一款安全远程网络连接工具。Ivanti Policy Secure是一个网络访问控制 (NAC) 解决方案。 Ivanti Connect Secure 22.7R2.8之前版本和Ivanti Policy Secure 22.7R1.5之前版本存在代码问题漏洞，该漏洞源于服务端请求伪造，可能导致访问内部网络服务。

Description (English)

Ivanti Contact Security (ICS) and Ivanti Policy Security (IPS) are all products of the United States company Ivanti. Ivanti Contact Security is a secure remote network connection tool. Ivanti Policy Security is a web access control (NAC) solution. There was a code breach in previous versions of Ivanti Connect Security 22.7R2.8 and Ivanti Policy 22.7R1.5, which stemmed from the forgery of service-end requests and could lead to access to internal network services.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

iWT

Published

2025-07-08

Last Modified

2026-02-24

References

https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs https://access.redhat.com/security/cve/cve-2025-0292

Patch

https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs