CVE-2024-10644
Published: 11 February 2025
Summary
CVE-2024-10644 is a critical-severity Code Injection (CWE-94) vulnerability in Ivanti Connect Secure. Its CVSS base score is 9.1 (Critical).
Operationally, it is ranked in the top 8.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
- SI-2 (Flaw Remediation): Directly mitigates the code injection vulnerability by requiring timely identification, reporting, and patching to the fixed Ivanti versions 22.7R2.4 or 22.7R1.3.
- SI-10 (Information Input Validation): Prevents code injection (CWE-94) by enforcing information input validation at the vulnerable interfaces exploited by authenticated admins.
- Least privilege: Reduces exploitability by limiting the administrative accounts that can perform the remote code execution.
NVD Description
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Deeper analysis (AI)
CVE-2024-10644 is a code injection vulnerability (CWE-94) affecting Ivanti Connect Secure prior to version 22.7R2.4 and Ivanti Policy Secure prior to version 22.7R1.3. Published on February 11, 2025, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact remote code execution.
The vulnerability can be exploited by a remote authenticated attacker possessing administrative privileges. Successful exploitation enables remote code execution on the targeted system, with changed scope allowing potential compromise beyond the vulnerable component.
Ivanti's February Security Advisory, available at https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs, addresses this CVE alongside others. Mitigation requires upgrading to Ivanti Connect Secure version 22.7R2.4 or later and Ivanti Policy Secure version 22.7R1.3 or later.
Details
- CWE(s)