Skip to main content

Workspace Control CVE-2025-5353

| EUVDEUVD-2025-17691 HIGH
Use of Hard-coded Cryptographic Key (CWE-321)
2025-06-10 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17691
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 15:15 nvd
HIGH 8.8

DescriptionCVE.org

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.

AnalysisAI

Credential disclosure vulnerability in Ivanti Workspace Control versions before 10.19.10.0, where a hardcoded cryptographic key enables local authenticated attackers to decrypt stored SQL database credentials. This allows privilege escalation and lateral movement within enterprise environments. With a CVSS score of 8.8 and local attack vector requiring authentication, exploitation requires internal access but poses significant risk to SQL database security and overall system compromise.

Technical ContextAI

The vulnerability stems from CWE-321 (Use of Hard-Coded Cryptographic Key), a fundamental cryptographic implementation flaw where encryption keys are embedded in application binaries or configuration files rather than being securely derived or managed. In Ivanti Workspace Control, SQL credentials are encrypted using a hardcoded key accessible to authenticated local users. This violates cryptographic best practices where keys should be: (1) derived from secure key derivation functions, (2) stored in hardware security modules or secure credential stores, and (3) rotated regularly. An authenticated local attacker with access to the Ivanti Workspace Control application or its configuration/memory can obtain the hardcoded key, decrypt the stored SQL credentials, and gain unauthorized database access. CPE affected: ivanti:workspace_control versions <10.19.10.0.

RemediationAI

patch: Upgrade Ivanti Workspace Control to version 10.19.10.0 or later; priority: Critical; notes: Patch availability confirmed in CVE description; apply immediately to all affected instances mitigation_interim: Restrict local access to Ivanti Workspace Control application and configuration files using OS-level access controls (file permissions, directory restrictions); priority: High; notes: Limit which users can access the application directory and memory to reduce attack surface while patching mitigation_interim: Monitor SQL database access logs for unusual connection attempts originating from Workspace Control service accounts; priority: Medium; notes: Detect potential credential compromise in-use before full damage occurs mitigation_interim: Rotate SQL credentials stored by Ivanti Workspace Control after patching, assuming potential prior compromise; priority: High; notes: Post-patch, re-issue database credentials as a precaution detection: Scan configuration files and memory dumps for hardcoded keys (if forensically necessary pre-patch); priority: Low; notes: For forensic investigation of potential prior exploitation

CVE-2018-15592 HIGH POC
7.8 Oct 15

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.

CVE-2018-15591 HIGH POC
7.8 Oct 15

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.

CVE-2025-22455 HIGH
8.8 Jun 10

Cryptographic weakness in Ivanti Workspace Control prior to version 10.19.0.0 that uses a hardcoded encryption key to pr

CVE-2024-8496 HIGH
7.8 Dec 11

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local

CVE-2024-8012 HIGH
7.8 Sep 10

An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19

CVE-2024-44107 HIGH
7.8 Sep 10

DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local aut

CVE-2024-44106 HIGH
7.8 Sep 10

Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0

CVE-2024-44105 HIGH
7.8 Sep 10

Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 202

CVE-2024-44104 HIGH
7.8 Sep 10

An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Iva

CVE-2024-44103 HIGH
7.8 Sep 10

DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local aut

CVE-2021-36235 HIGH
7.8 Sep 01

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. Rated high severity (CVSS 7.8), this vulnerability

CVE-2019-19675 HIGH
7.8 Dec 17

In Ivanti Workspace Control before 10.3.180.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexi

Share

CVE-2025-5353 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy