CVE-2024-10644
Published: 11 February 2025
Summary
CVE-2024-10644 is a critical-severity Code Injection (CWE-94) vulnerability in Ivanti Connect Secure. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 11.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-10644 is a code injection vulnerability, tracked under CWE-94, that affects Ivanti Connect Secure prior to version 22.7R2.4 and Ivanti Policy Secure prior to version 22.7R1.3. The flaw carries a CVSS 3.1 score of 9.1 and permits an attacker to inject and execute arbitrary code on the affected appliance.
A remote authenticated attacker who already possesses administrative privileges can exploit the issue over the network with low attack complexity to obtain remote code execution on the target system, resulting in full compromise of confidentiality, integrity, and availability within the security context of the appliance.
The February Security Advisory published by Ivanti addresses this and related CVEs and is available at the vendor forum link provided in the references.
EPSS for the vulnerability rose from a low baseline to a peak of 0.2466 on 2025-12-11 before receding to the current value of 0.0398, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4985
Vulnerability details
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct code injection vulnerability enabling RCE against a public-facing remote access application (Ivanti Connect Secure/Policy Secure).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the code injection vulnerability by requiring timely identification, reporting, and patching to the fixed Ivanti versions 22.7R2.4 or 22.7R1.3.
Prevents code injection (CWE-94) by enforcing information input validation at the vulnerable interfaces exploited by authenticated admins.
Reduces exploitability by enforcing least privilege, limiting administrative accounts that can perform the remote code execution.