Ivanti Product Security Update Advisory

Aug 14 2025

Overview

We have released a security update to fix vulnerabilities in Ivanti products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-8296, CVE-2025-8297

Ivanti Avalanche Version: 6.4.6 and earlier

Resolved Vulnerabilities

Remote code execution vulnerability due to SQL injection in Ivanti Avalanche (CVE-2025-8296)
Remote code execution vulnerability due to incomplete configuration restrictions in Ivanti Avalanche (CVE-2025-8297)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-8296, CVE-2025-8297

Ivanti Avalanche version: 6.4.8.8008

References

[1] Security Advisory Ivanti Avalanche (CVE-2025-8296, CVE-2025-8297)
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-CVE-2025-8296-CVE-2025-8297?language=en_US

Ivanti Product Security Update Advisory

MS Family August 2025 Routine Security Update Advisory

Apache Tomcat Vulnerability Security Update Advisory (CVE-2025-48989)

Tags:

MS Family August 2025 Routine Security Update Advisory

Apache Tomcat Vulnerability Security Update Advisory (CVE-2025-48989)