CVE-2025-8310
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-13
Assigner: ivanti
Description
Description
Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ivanti | virtual_application_delivery_controller | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing authorization issue in the admin console of Ivanti Virtual Application Delivery Controller versions before 22.9. It allows a remote authenticated attacker to take over admin accounts by resetting their passwords without proper authorization.
How can this vulnerability impact me? :
An attacker who exploits this vulnerability can gain control over admin accounts by resetting their passwords, potentially leading to unauthorized administrative access and control over the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70