CNNVD-202508-1059 Information

CNNVD ID

CNNVD-202508-1059

Related CVE

CVE-2025-8296

• CNNVD Published: 2025-08-12

Description (Chinese)

Ivanti Avalanche是美国Ivanti公司的一套企业移动设备管理系统。该系统主要用于管理智能手机、平板电脑和条形码扫描仪等设备。 Ivanti Avalanche 6.4.8.8008之前版本存在SQL注入漏洞，该漏洞源于SQL注入，可能导致远程代码执行。

Description (English)

Ivanti Avalanche is an enterprise mobile equipment management system for Ivanti, United States of America. The system is used mainly to manage equipment such as smartphones, tablets and bar-code scanners. Prior to Ivanti Avalanche 6.4.8.8008, there was an injection loophole in SQL, which originated in SQL and could lead to remote code implementation.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

Ivanti

Published

2025-08-12

Last Modified

2026-02-24

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-CVE-2025-8296-CVE-2025-8297?language=en_US

Patch

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-CVE-2025-8296-CVE-2025-8297?language=en_US