
Ivanti has released critical security updates addressing three high-severity vulnerabilities in Ivanti Workspace Control (IWC)—a widely used tool for centralized desktop and application management in enterprise environments. The flaws, if exploited, could allow a local authenticated attacker to decrypt sensitive credentials stored within the platform, potentially leading to lateral movement and broader infrastructure compromise.
Ivanti Workspace Control allows IT administrators to dynamically manage access to applications, devices, and network connections based on user roles and policies. It is commonly deployed in enterprise virtual desktop environments and hybrid setups to streamline user experience and enforce security settings.
However, recent discoveries show that versions prior to 10.19.10.0 contain hardcoded cryptographic keys—a serious security misstep that puts stored credentials at risk.
The first and most severe issue, CVE-2025-5353, affects IWC versions prior to 10.19.10.0. It allows a local authenticated attacker to use a hardcoded key to decrypt stored SQL credentials. With a CVSS v3.1 score of 8.8 (High), this vulnerability poses a significant risk to backend systems that rely on database security and integrity. Unauthorized access to SQL credentials could enable attackers to retrieve or manipulate sensitive data, or compromise additional systems.
The second vulnerability, CVE-2025-22463, involves another hardcoded key that can be exploited to decrypt the stored environment password. This password is typically used to access system-level or configuration-specific operations within Workspace Control. Although rated slightly lower at 7.3 (High) on the CVSS scale, its implications are serious, especially in complex enterprise environments where configuration consistency and privilege boundaries are crucial.
The third flaw, CVE-2025-22455, mirrors the danger posed by CVE-2025-5353 and also targets stored SQL credentials through the use of a hardcoded key. This issue affects versions of IWC prior to 10.19.0.0 and also carries a CVSS score of 8.8 (High). Together, these vulnerabilities reveal systemic issues in credential handling, making the platform a potential weak point in otherwise secure environments.
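The common root cause of all three CVEs is a key that ships inside the product itself, so every installation protects its stored credentials with the same secret. The following is an added example, not Ivanti's code and not a reconstruction of how Workspace Control stores credentials: it contrasts credential storage under a hardcoded key with storage under a key generated at install time and kept outside the binary. The cipher is a constructed toy (an HMAC-SHA256 keystream plus an HMAC tag) chosen so the example runs on the standard library; all key material and function names are assumptions for illustration, and a real implementation would use a vetted AEAD such as AES-GCM with a key held by DPAPI, a root-only file or a KMS.

```python
import hashlib
import hmac
import secrets

# --- toy authenticated cipher (constructed for this example, not production crypto) ---

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Keystream block i = HMAC-SHA256(key, nonce || i); enough blocks for `length` bytes.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    # Output layout: 16-byte random nonce || ciphertext || 32-byte tag.
    nonce = secrets.token_bytes(16)
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    # Verify the tag first; a wrong key or a modified blob raises instead of
    # returning garbage, which is the behaviour the cross-install check relies on.
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# --- anti-pattern: one key compiled into every copy of the product ---

# Constructed placeholder; the point is that the value is the same in every
# shipped binary, so anyone who can read the binary (any local user) holds
# the key for every stored credential on every deployment.
HARDCODED_KEY = hashlib.sha256(b"constructed-example-vendor-key").digest()


def store_credential_static(password: str) -> bytes:
    return seal(HARDCODED_KEY, password.encode())


def read_credential_static(blob: bytes) -> str:
    return unseal(HARDCODED_KEY, blob).decode()


# --- remedy: a per-installation key that never lives in the binary ---

def generate_install_key() -> bytes:
    # Created once at install time and stored where the OS restricts access to
    # the service account (assumed: DPAPI, a root-only file, or a KMS).
    return secrets.token_bytes(32)


def store_credential_per_install(password: str, install_key: bytes) -> bytes:
    return seal(install_key, password.encode())


def read_credential_per_install(blob: bytes, install_key: bytes) -> str:
    return unseal(install_key, blob).decode()


def readable_with(blob: bytes, candidate_key: bytes) -> bool:
    # True only if `candidate_key` is the key that sealed `blob`.
    try:
        unseal(candidate_key, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    site_a, site_b = generate_install_key(), generate_install_key()
    blob_a = store_credential_per_install("sql-service-password", site_a)
    print("static key opens static blob:", readable_with(store_credential_static("x"), HARDCODED_KEY))
    print("site B key opens site A blob:", readable_with(blob_a, site_b))
```

The distinction the example makes concrete: with `HARDCODED_KEY`, possession of the binary is possession of every deployment's credential store, and the only remediation is a new release (as Ivanti shipped). With `generate_install_key`, a key recovered from one machine unseals nothing elsewhere, and an operator can rotate it locally without waiting for a vendor patch.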
All three vulnerabilities impact Ivanti Workspace Control versions up to and including 10.19.0.0. Ivanti has resolved these issues in version 10.19.10.0, and recommends that customers download the latest patch immediately.
Ivanti has also released Workspace Control 2025.2, which introduces a new product architecture to mitigate these risks entirely.
To ensure secure deployment, Ivanti recommends:
- Verifying that the ShieldAPI TLS certificate is trusted by importing it into the Trusted Root Certificate Authorities on all relevant machines.
- Migrating to the updated architecture or switching to Ivanti User Workspace Manager, particularly as Workspace Control is scheduled to reach end-of-life on December 31, 2026.
While Ivanti confirmed there is no evidence of exploitation in the wild, the presence of hardcoded keys in an enterprise control tool poses a latent risk—especially if adversaries gain local access.
Organizations still using older versions of IWC are urged to prioritize this update, assess local access controls, and evaluate their roadmap for either continued support or product migration.