【VULNERABILITY ALERT】Two Critical Security Vulnerabilities Exist in Ivanti Workspace Control

• Subject: 【VULNERABILITY ALERT】Two Critical Security Vulnerabilities Exist in Ivanti Workspace Control

• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center (TWCERTCC-200-202506-00000006)
  • Ivanti Workspace Control (IWC) is Ivanti's workspace management solution, acting as an intermediary between the operating system and users to simplify desktop deployment and protect user settings and records. Recently, Ivanti issued a security advisory, pointing out that the system has two critical security vulnerabilities (CVE-2025-5353, CVSS: 8.8 and CVE-2025-22455, CVSS: 8.8), and has released patched versions. Both vulnerabilities allow locally authenticated attackers to decrypt stored SQL credentials using a hardcoded key.
• Affected Platforms:
  • Ivanti Workspace Control (IWC) versions 10.19.0.0 and earlier
• Suggested Measures:
  • Update Ivanti Workspace Control (IWC) to version 10.19.10.0
• References:
  1. https://www.twcert.org.tw/tw/cp-169-10174-39fdd-1.html

Computer and Communications Center
Network Systems Division