High
CVSS 7.2
Overview
Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution
CVE-2025-8297
Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8...
Risk analysis
This vulnerability is rated 🟠 HIGH.
- CVSS: 7.2 (HIGH)
- Detected tags: rce (tag impact: VERY HIGH)
Recommended actions:
- Patch/upgrade immediately (remote code execution).
- Reduce exposure (WAF/segmentation), minimize attack surface.