CVE-2025-8310 | THREATINT

Description

Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password

PUBLISHED Reserved 2025-07-29 | Published 2025-08-12 | Updated 2025-08-13 | Assigner ivanti

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Problem types

CWE-862 Missing Authorization

Product status

Default status

affected

22.9

unaffected

References

forums.ivanti.com/...iously-vTM-CVE-2025-8310?language=en_US

cve.org (CVE-2025-8310)

nvd.nist.gov (CVE-2025-8310)

Download JSON