CVE-2025-0293: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') in Ivanti Connect Secure
Severity: mediumType: vulnerabilityCVE-2025-0293
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
CVE-2025-0293: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') in Ivanti Connect Secure
Medium
Published: Tue Jul 08 2025 (07/08/2025, 15:33:05 UTC)
Source: CVE Database V5
Vendor/Project: Ivanti
Product: Connect Secure
Description
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- ivanti
- Date Reserved
- 2025-01-07T02:28:05.650Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 686d3bb16f40f0eb72f81baa
Added to database: 7/8/2025, 3:39:29 PM
Last updated: 7/8/2025, 3:39:29 PM
Views: 1
Related Threats
CVE-2025-43019: CWE-269 Improper Privilege Management in HP Inc. HP Support Assistant
MediumVulnerabilityTue Jul 08 2025
CVE-2025-7184: SQL Injection in code-projects Library System
MediumVulnerabilityTue Jul 08 2025
CVE-2025-5464: CWE-532 Insertion of Sensitive Information into Log File in Ivanti Connect Secure
MediumVulnerabilityTue Jul 08 2025
CVE-2025-0292: CWE-918 Server-Side Request Forgery (SSRF) in Ivanti Connect Secure
MediumVulnerabilityTue Jul 08 2025
CVE-2025-7037: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Ivanti Endpoint Manager
HighVulnerabilityTue Jul 08 2025
Actions
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.