Advisory

Ivanti reports three high-severity hardcoded key flaws in Ivanti Workspace Control

Take action: This one is not critical, but is still quite concerning. The flaws enable attackers to decrypt credentials because of hardcoded encryption keys (which can be easily found on other installations). An exploit does require local access, so you are not in immediate danger. But given that hackers LOVE Ivanti vulnerabilities, plan to patch this one.


Learn More

Ivanti has released security updates for three high-severity vulnerabilities in its Workspace Control (IWC) platform that could enable authenticated attackers to decrypt stored credentials and potentially compromise entire enterprise environments. 

Ivanti Workspace Control is an enterprise solution that helps IT administrators manage desktops and applications by serving as an intermediary between operating systems and users. The platform provides centralized control over user workspaces and dynamically configures desktops, applications, and user settings based on organizational policies and user roles.

Vulnerabilities summary:

  • CVE-2025-5353 (CVSS score 8.8): A hardcoded cryptographic key vulnerability in Ivanti Workspace Control that allows local authenticated attackers to decrypt stored SQL credentials.
  • CVE-2025-22455 (CVSS score 8.8): Another hardcoded key vulnerability that allows local authenticated attackers to decrypt stored SQL credentials.
  • CVE-2025-22463 (CVSS score 7.3): A hardcoded key vulnerability that enables local authenticated attackers to decrypt stored environment passwords.

All three vulnerabilities require local access and low-level privileges. The attack complexity is rated as low, and successful exploitation could lead to privilege escalation and complete system compromise depending on the targeted accounts and their associated permissions.

Affected Versions

All editions of Ivanti Workspace Control, including both standalone deployments and integrated enterprise environments, are affected in versions 10.19.0.0 and all prior.

Patched Versions

Ivanti has addressed these vulnerabilities in Workspace Control version 10.19.10.0, which is immediately available for download through official channels. The company has also introduced Workspace Control 2025.2, featuring a completely redesigned architecture that addresses these security issues at a fundamental level.

Organizations upgrading to the new architecture must ensure that the TLS certificate used by the ShieldAPI is properly trusted by importing it into the Trusted Root Certificate Authorities store for the Local Machine on all systems where Workspace Control components are installed.
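The import step described above, with a fingerprint check before the certificate is trusted machine-wide, is sketched below as an added example (not Ivanti's tooling or code from the advisory). The file path and the expected SHA-256 fingerprint are placeholders: export the certificate from your ShieldAPI host and obtain its fingerprint through a separate trusted channel.

```powershell
#Requires -RunAsAdministrator
# Added example: verify, then trust, the ShieldAPI TLS certificate on one machine.
param(
    # Hypothetical location of the certificate exported from the ShieldAPI host.
    [string]$CertPath = 'C:\Temp\shieldapi.cer',
    # Placeholder: fingerprint read directly on the ShieldAPI host, not from the file.
    [string]$ExpectedSha256 = '<SHA256-FINGERPRINT-FROM-SHIELDAPI-HOST>'
)
$ErrorActionPreference = 'Stop'
$store = 'Cert:\LocalMachine\Root'

# Load the certificate without installing it.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath

# Compute SHA-256 over the DER encoding and compare with the expected value.
# Anything added to LocalMachine\Root is trusted by every process on the host,
# so a mismatch must stop the import.
$sha = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Fingerprint mismatch (got $actual). Certificate was not imported."
}

# Refuse certificates outside their validity window.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not valid at $now (valid $($cert.NotBefore) to $($cert.NotAfter))."
}

# Import only if the same certificate is not already in the store.
$present = Get-ChildItem $store | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $present) {
    Import-Certificate -FilePath $CertPath -CertStoreLocation $store | Out-Null
}

# Confirm the result so the run can be logged per machine.
$installed = Get-ChildItem $store | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $installed) { throw 'Certificate not found in LocalMachine\Root after import.' }
$installed | Select-Object Subject, Thumbprint, NotAfter
```

Run it from an elevated session on each system where Workspace Control components are installed, passing the same expected fingerprint everywhere so a swapped certificate file fails closed.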
