ZDI-CAN-28617 MEDIUM 4.9 Overdue Nov 25, 2025

Ivanti

Ivanti is a well-known enterprise IT management and cybersecurity software vendor. This medium-severity vulnerability (CVSS 4.9) can be exploited remotely without user interaction, but requires high-level administrative privileges; it poses a confidentiality risk with no impact to integrity or availability. Security teams should monitor for suspicious administrative account activities and patch when Ivanti releases a fix by the March 2026 deadline.

Advisory Details
Researcher Discovered by: 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044
Reported November 25, 2025
Deadline March 25, 2026 22d overdue
CVSS Vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Ivanti Potential RCE Potential Privilege Escalation Potential Information Disclosure

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy