High

Analysis Summary

Ivanti has released urgent security updates for its Workspace Control platform to address three high-severity vulnerabilities, CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455 that affect version 10.19.0.0 and earlier. These flaws stem from hardcoded encryption keys within the software, categorized under CWE-321, making stored SQL and environment credentials susceptible to decryption by local authenticated attackers. CVE-2025-5353 and CVE-2025-22455 both received a critical CVSS score of too high due to their potential to compromise stored SQL credentials, while CVE-2025-22463 carries a slightly lower score, focusing on environment password decryption.

Although the attack requires local access with low-level privileges, successful exploitation could allow attackers to gain access to sensitive database credentials, posing a serious risk to the confidentiality, integrity, and availability of enterprise systems. This opens up possibilities for privilege escalation and deeper network compromise. Ivanti has clarified that these vulnerabilities were identified through its responsible disclosure program, with no current evidence of exploitation or associated indicators of compromise. However, the risks they pose demand immediate action.

To mitigate the vulnerabilities, Ivanti has released version 10.19.10.0, part of Workspace Control 2025.2, which features a revamped architecture specifically designed to eliminate the identified security flaws. Before applying the patch, organizations are required to update their TLS certificates and import the ShieldAPI certificate into the Trusted Root Certificate Authorities store for the Local Machine where components are deployed. These steps are essential for the patch to be successfully applied and to ensure secure communication within the platform.

With Ivanti Workspace Control scheduled to reach end-of-life on December 31, 2026, the company is offering migration support to Ivanti User Workspace Manager or other alternatives within its ecosystem. For customers hesitant to invest in a platform with a limited future lifespan, this transition path provides a secure and supported alternative. Despite no known exploitation at this time, Ivanti strongly urges all organizations using affected versions to prioritize patching, considering the significant security risks associated with credential compromise in enterprise environments.

Impact

• Sensitive Data Theft
• Gain Access
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2025-5353

• CVE-2025-22463

• CVE-2025-22455

Affected Vendors

Affected Products

• Ivanti Workspace Control before version 10.19.10.0

Remediation

• Refer to the Ivanti Security Advisory for patch, upgrade, or suggested workaround information.
• Upgrade Ivanti Workspace Control to version 10.19.10.0 (part of Workspace Control 2025.2) to fix the vulnerabilities.
• Update TLS Certificates Before Patch:
• Before installing the update, ensure that all TLS certificates are updated on the affected systems.
• Import the ShieldAPI certificate into the Trusted Root Certificate Authorities store for the Local Machine on all devices where Workspace Control components are installed.
• After applying the update, verify that all systems have been correctly patched and that no outdated versions remain in use.
• Audit and limit local authenticated user access on systems running Workspace Control to reduce exploitation risk prior to patching.
• Consider migrating to Ivanti User Workspace Manager or another supported platform, given Workspace Control's scheduled end-of-life on December 31, 2026.
• Although no exploitation has been observed, organizations should enable logging and monitor for suspicious activity or unauthorized access attempts involving SQL credentials.
• Follow Ivanti’s security advisories and bulletins for any future updates or additional mitigation guidance.