Medium
CVSS 5.5
Overview
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.
CVE-2025-0292
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure b...
Risk analysis
This vulnerability is rated 🟡 MEDIUM.
- CVSS: 5.5 (MEDIUM)
- Detected tags: ssrf (tag impact: MODERATE)
Recommended actions:
- Deny access to internal/metadata addresses; use outbound allowlists.