Ivanti March Security Update (AL05/250311/CSIRT-ITA)

Summary

Ivanti is releasing security updates that address two vulnerabilities, one of which is a “high” severity vulnerability, in Neurons for MDM and Secure Access Client (ISAC) products.

Risk

Vulnerability community impact estimate: Medium (63.84)

Type

Privilege Escalation

Affected products and/or versions

Ivanti Secure Access Client (ISAC), version 22.7R3 and earlier.

Mitigation actions

In line with vendor statements, it is recommended to update vulnerable products by following the guidance in the security bulletin reported in the References section.

The following are only the CVEs related to the “high” severity vulnerabilities:

CVE
CVE-2025-22454

References

https://www.ivanti.com/blog/march-security-update

https://forums.ivanti.com/s/article/March-Security-Advisory-Ivanti-Secure-Access-Client-ISAC-CVE-2025-22454?language=en_US

¹This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.

Home

Some companies that have chosen us

Professional qualifications

Ivanti March Security Update (AL05/250311/CSIRT-ITA)

Recommended to you

Apple: 0-day detected in WebKit rendering engine (AL02/250312/CSIRT-ITA)

Adobe: Security Updates (AL03/250312/CSIRT-ITA

Joomla! Updates (AL04/250312/CSIRT-ITA)

HONG KONG SUPERVISORY AUTHORITY: Publishes Investigation Findingson the Data Breach Incident of the Companies...

Zoom Vulnerability (AL05/250312/CSIRT-ITA)

Laravel: Public PoC for CVE-2024-13919 Exploitation (AL06/250312/CSIRT-ITA)

Resolved vulnerabilities in Cisco products (AL07/250312/CSIRT-ITA)

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

Schneider Electric: Vulnerabilities discovered in various products (AL03/250311/CSIRT-ITA)

Siemens Product Updates (AL04/250311/CSIRT-ITA)