Ivanti has released security patches for three critical vulnerabilities in its Workspace Control solution, which could allow privilege escalation and system compromise through exploit of hardcoded cryptographic keys. The vulnerabilities affect versions prior to 10.19.10.0 and have not been exploited in the wild so far, but they pose a significant risk if targeted. #Ivanti #WorkspaceControl
Keypoints
- Ivanti fixed three high-severity vulnerabilities in its Workspace Control software.
- All identified bugs stem from hardcoded cryptographic keys affecting credential security.
- The patched vulnerabilities are CVE-2025-5353, CVE-2025-22455, and CVE-2025-22463.
- Exploitation could lead to privilege escalation and credential theft, but no active attacks are known.
- Ivanti plans to end support for Workspace Control in December 2026, after which no security updates will be provided.