CVE-2025-8310 PUBLISHED

Assigner: ivanti
Reserved: 29.07.2025 Published: 12.08.2025 Updated: 13.08.2025

Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	High
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Ivanti
Product	Virtual Application Delivery ControllerCWE-862
Versions	Default: affected Version 22.9 is unaffected

References

https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Virtual-Application-Delivery-Controller-vADC-previously-vTM-CVE-2025-8310?language=en_US

Problem Types

CWE-862 Missing Authorization CWE

Impacts

CAPEC-74: Manipulating State