CVE-2025-8296
Published: 12 August 2025
Summary
CVE-2025-8296 is a high-severity SQL Injection (CWE-89) vulnerability in Ivanti Avalanche. Its CVSS base score is 7.2 (High).
Operationally, ranked in the top 7.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Ivanti Avalanche versions prior to 6.4.8.8008 are affected by a SQL injection vulnerability, identified as CVE-2025-8296 and assigned CWE-89. The flaw resides in the product and permits execution of arbitrary SQL queries when triggered through the network.
A remote authenticated attacker with administrative privileges can exploit the issue to run arbitrary SQL queries. Under certain conditions the same access path can be escalated to remote code execution, consistent with the CVSS 3.1 vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H that yields a base score of 7.2.
The vendor has issued a security advisory covering CVE-2025-8296 and an accompanying issue; the advisory is available at https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-CVE-2025-8296-CVE-2025-8297?language=en_US and should be consulted for official mitigation steps. The EPSS score has remained flat at 0.0761 with no material rise observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24259
Vulnerability details
SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.