CVE-2025-5463: CWE-532 Insertion of Sensitive Information into Log File in Ivanti Connect Secure
Severity: mediumType: vulnerabilityCVE-2025-5463
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.
CVE-2025-5463: CWE-532 Insertion of Sensitive Information into Log File in Ivanti Connect Secure
Medium
Published: Tue Jul 08 2025 (07/08/2025, 15:02:38 UTC)
Source: CVE Database V5
Vendor/Project: Ivanti
Product: Connect Secure
Description
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- ivanti
- Date Reserved
- 2025-06-02T10:54:07.286Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 686d34a96f40f0eb72f7c5a8
Added to database: 7/8/2025, 3:09:29 PM
Last updated: 7/8/2025, 3:09:29 PM
Views: 1
Related Threats
CVE-2025-7037: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Ivanti Endpoint Manager
HighVulnerabilityTue Jul 08 2025
CVE-2025-53372: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in alfonsograziano node-code-sandbox-mcp
HighVulnerabilityTue Jul 08 2025
CVE-2025-3630: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IBM Sterling B2B Integrator
MediumVulnerabilityTue Jul 08 2025
CVE-2025-7183: SQL Injection in Campcodes Sales and Inventory System
MediumVulnerabilityTue Jul 08 2025
CVE-2025-6770: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Ivanti Endpoint Manager Mobile
HighVulnerabilityTue Jul 08 2025
Actions
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.