Remote access: Ivanti Secure Access Client as a gateway for attackers
A security update closes a gap in Ivanti Secure Access Client under Windows.
(Image: Artur Szczybylo/Shutterstock.com)
To prevent attacks on Windows computers with the Ivanti Secure Access Client (ISAC) remote access software, administrators should install an up-to-date version. However, according to the developers, there are no indications so far that attackers are already exploiting the now closed security gap.
Security patch available
According to a warning message, attackers must have local access and be authenticated in order to carry out attacks. If this is the case, they can use the vulnerability (CVE-2025-22454"high") to gain higher rights. Due to the classification of the vulnerability, it can be assumed that attackers can compromise systems in this way.
The developers assure that they have closed the vulnerability in ISAC issues 22.7R4 and 22.8R1. According to them, because there is no exploit yet, they cannot provide admins with an Indicator of Compromise (IoC), which they can use to recognize attacks that have already taken place.
(des)
