Cyber Posture

CVE-2025-22454

HighLPE

Published: 11 March 2025

Published
11 March 2025
Modified
16 July 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0028 51.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22454 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Ivanti Secure Access Client. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 49.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely flaw remediation directly patches the insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4, preventing local privilege escalation exploitation.

AC-6 Least Privilege good match
prevent

Enforcing least privilege restricts local low-privilege users from escalating via the vulnerable permissions in the Ivanti Secure Access Client.

AC-3 Access Enforcement good match
prevent

Access enforcement ensures approved authorizations are strictly applied, countering the insufficiently restrictive permissions that enable privilege escalation in the client software.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Vulnerability enables local privilege escalation via exploitation of weak permissions (CWE-732), directly matching T1068.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

Deeper analysisAI

CVE-2025-22454 involves insufficiently restrictive permissions in Ivanti Secure Access Client versions before 22.7R4. This vulnerability, mapped to CWE-732, enables local privilege escalation and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It was published on 2025-03-11.

A local authenticated attacker with low privileges can exploit this issue with low complexity and no user interaction required. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, resulting in privilege escalation on the affected system.

Ivanti has issued a security advisory detailing the vulnerability, available at https://forums.ivanti.com/s/article/March-Security-Advisory-Ivanti-Secure-Access-Client-ISAC-CVE-2025-22454, which provides guidance on mitigation and patching.

Details

CWE(s)
CWE-732

Affected Products

ivanti
secure access client
22.7 · ≤ 22.7

CVEs Like This One

CVE-2024-13813Same product: Ivanti Secure Access Client
CVE-2025-0283Same vendor: Ivanti
CVE-2026-3483Same vendor: Ivanti
CVE-2025-55142Same vendor: Ivanti
CVE-2026-2637Shared CWE-732
CVE-2026-24834Shared CWE-732
CVE-2025-12985Shared CWE-732
CVE-2025-21571Shared CWE-732
CVE-2025-22467Same vendor: Ivanti
CVE-2025-8310Same vendor: Ivanti

References