Skip to main content

CVE-2025-5353: CWE-321: Use of Hard-coded Cryptographic Key in Ivanti Workspace Control

High
VulnerabilityCVE-2025-5353cvecve-2025-5353cwe-321
Published: Tue Jun 10 2025 (06/10/2025, 14:39:34 UTC)
Source: CVE Database V5
Vendor/Project: Ivanti
Product: Workspace Control

Description

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.

AI-Powered Analysis

AILast updated: 07/11/2025, 00:48:22 UTC

Technical Analysis

CVE-2025-5353 is a high-severity vulnerability identified in Ivanti Workspace Control versions prior to 10.19.10.0. The issue stems from the use of a hardcoded cryptographic key (CWE-321) within the product, which is used to encrypt stored SQL credentials. Because the key is hardcoded and thus static and discoverable, a local attacker with authenticated access to the system can decrypt these stored credentials. This vulnerability allows an attacker to gain unauthorized access to sensitive database credentials, potentially leading to further compromise of backend systems or data stores. The CVSS v3.1 base score is 8.8, reflecting the high impact on confidentiality, integrity, and availability, with low attack complexity and requiring only low privileges and no user interaction. The vulnerability affects the confidentiality of stored credentials, integrity of the system by enabling privilege escalation or lateral movement, and availability if the attacker disrupts database operations. No known exploits are currently reported in the wild, and no patch links are provided yet, indicating that remediation may still be pending or in progress. The vulnerability requires local authenticated access, so remote exploitation without credentials is not possible, but the scope is significant due to the potential for credential exposure and subsequent attacks on backend infrastructure.

Potential Impact

For European organizations using Ivanti Workspace Control, this vulnerability poses a significant risk. Many enterprises rely on Workspace Control for managing user environments and access, often integrating with critical SQL databases. Exposure of SQL credentials can lead to unauthorized database access, data exfiltration, or manipulation, which can compromise sensitive personal data protected under GDPR. The breach of confidentiality and integrity could result in regulatory penalties, reputational damage, and operational disruption. Given the high CVSS score and the potential for privilege escalation, attackers could leverage this vulnerability to move laterally within networks, increasing the risk of widespread compromise. Organizations in sectors such as finance, healthcare, government, and critical infrastructure in Europe, which often use Ivanti products, are particularly at risk. The requirement for local authenticated access somewhat limits the attack surface but does not eliminate risk, especially in environments with many users or where endpoint security is weak.

Mitigation Recommendations

Organizations should prioritize upgrading Ivanti Workspace Control to version 10.19.10.0 or later once available, as this will likely address the hardcoded key issue. Until a patch is released, organizations should implement strict access controls to limit local authenticated access to only trusted administrators and users. Employing endpoint detection and response (EDR) solutions to monitor for suspicious local activity can help detect exploitation attempts. Encrypting sensitive data at rest with additional layers beyond the application’s encryption can reduce exposure. Regularly auditing and rotating database credentials stored by Workspace Control can minimize the window of opportunity for attackers. Network segmentation should be enforced to restrict access to critical SQL servers. Additionally, organizations should review logs for unusual access patterns and prepare incident response plans specific to credential compromise scenarios. Ivanti customers should engage with vendor support for any available workarounds or interim fixes.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
ivanti
Date Reserved
2025-05-30T08:39:00.490Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68487f561b0bd07c3938a3fd

Added to database: 6/10/2025, 6:54:14 PM

Last enriched: 7/11/2025, 12:48:22 AM

Last updated: 8/4/2025, 10:00:30 AM

Views: 26

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats