Cyber Resilience

CVE-2024-10644

Critical · RCE

Published: 11 February 2025

Modified: 14 July 2025
CVSS Score (v3.1): 9.1, vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score: 0.0398 (88.7th percentile)
Risk Priority: 21 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-10644 is a critical-severity Code Injection (CWE-94) vulnerability in Ivanti Connect Secure. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 11.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-10644 is a code injection vulnerability, tracked under CWE-94, that affects Ivanti Connect Secure prior to version 22.7R2.4 and Ivanti Policy Secure prior to version 22.7R1.3. The flaw carries a CVSS 3.1 score of 9.1 and permits an attacker to inject and execute arbitrary code on the affected appliance.

A remote authenticated attacker who already possesses administrative privileges can exploit the issue over the network with low attack complexity to obtain remote code execution on the target system, resulting in full compromise of confidentiality, integrity, and availability within the security context of the appliance.

The February Security Advisory published by Ivanti addresses this and related CVEs and is available at the vendor forum link provided in the references.

EPSS for the vulnerability rose from a low baseline to a peak of 0.2466 on 2025-12-11 before receding to the current value of 0.0398, indicating a period of increased exploitation interest after disclosure.

Vulnerability details

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CWE(s): CWE-94 (Code Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct code injection vulnerability enabling RCE against a public-facing remote access application (Ivanti Connect Secure/Policy Secure).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0282 · Same product: Ivanti Connect Secure
CVE-2025-55147 · Same product: Ivanti Connect Secure
CVE-2025-22467 · Same product: Ivanti Connect Secure
CVE-2025-0283 · Same product: Ivanti Connect Secure
CVE-2025-55145 · Same product: Ivanti Connect Secure
CVE-2025-55141 · Same product: Ivanti Connect Secure
CVE-2025-55142 · Same product: Ivanti Connect Secure
CVE-2026-1281 · Same vendor: Ivanti
CVE-2026-1340 · Same vendor: Ivanti
CVE-2025-24472 · Same product class: VPN / SSL gateway

Affected Assets

ivanti · connect secure · 22.7 · ≤ 22.7
ivanti · policy secure · 22.7 · ≤ 22.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly mitigates the code injection vulnerability by requiring timely identification, reporting, and patching to the fixed Ivanti versions 22.7R2.4 or 22.7R1.3.

Prevent: Prevents code injection (CWE-94) by enforcing information input validation at the vulnerable interfaces exploited by authenticated admins.

Prevent: Reduces exploitability by enforcing least privilege, limiting administrative accounts that can perform the remote code execution.

References