CVE-2025-22455
📛 CVE Title
CVE-2025-22455
Description
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.
Overview
- State
- PUBLISHED
- Assigner (CNA)
- ivanti
- CVSS severity
- HIGH
- CVSS score
- 8.8 / 10
- CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H- Effective score
- 8.8 / 10 HIGH source: CNA overview
- CWE(s)
-
CWE-321 - Reserved
- 2025-01-07
- Published
- 2025-06-10 16:38 UTC
- Last updated
- 2026-02-26 18:51 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22455.json
- Linked Threat
- CVE-2025-22455 — CVE-2025-22455
European Union Vulnerability Database ENISA EUVD
ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.
- EUVD ID
-
EUVD-2025-17685 - Assigner
- ivanti
- Published
- Jun 10, 2025, 2:38:36 PM
- Updated
- Feb 26, 2026, 5:51:04 PM
- EUVD base score (CVSS 3.1)
-
8.8 / 10
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H - EUVD-reported EPSS
- 0.3100
- Vendors
- Ivanti
- Products
-
Workspace Control (patch: 10.19.0.0)
- Aliases
-
GHSA-hqc8-8fj8-x6ff
ENISA description: A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Ivanti | Workspace Control |
10.19.0.0 (unaffected)
|
— |
Remediations (10)
Remediations are stored against the linked Threat row; the list below is deduplicated across both pages.
-
web:cyberpress.org
A newly published proof-of-concept tool called BitUnlocker exposes a dangerous downgrade attack that can bypass Microsoft's BitLocker full-disk encryption on fully patched Windows 11 machines, granting complete access to encrypted drives in under five minutes. The attack exploits CVE - 2025 -48804, a vulnerability in Windows BitLocker that allows an attacker to mix untrusted data with trusted ...
2026-05-22 12:17 UTC -
web:cybersecuritynews.com
No patch has been released yet; Microsoft has instead issued a multi-step manual mitigation guide while a formal security update is prepared. Windows BitLocker Security Bypass The vulnerability originates in WinRE's handling of the BootExecute registry value under HKLM\ControlSet001\Control\Session Manager.
2026-05-22 12:17 UTC -
web:krebsonsecurity.com
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities ...
2026-05-22 12:17 UTC -
web:portal.msrc.microsoft.com
The Security Update Guide provides information on the latest Microsoft security updates, helping users understand and address potential vulnerabilities effectively.
2026-05-22 12:17 UTC -
web:windowsreport.com
The newly exposed Windows security flaw, dubbed "YellowKey," has become a major headache for Microsoft. After the exploit details leaked publicly alongside a working proof-of-concept, the company has now rushed out official mitigation guidance while it prepares a permanent fix . The vulnerability reportedly targets BitLocker-protected systems and could allow attackers direct access to ...
2026-05-22 12:17 UTC -
web:www.cve.org
At cve .org, we provide the authoritative reference method for publicly known information-security vulnerabilities and exposures
2026-05-22 12:17 UTC -
web:www.helpnetsecurity.com
Microsoft is working on a fix for CVE -2026-45585 (aka "Yellowkey"), a vulnerability that can be used to bypass Windows' BitLocker protection.
2026-05-22 12:17 UTC -
web:www.linkedin.com
Microsoft Security Response Center has issued an emergency mitigation for a newly disclosed BitLocker bypass vulnerability known as "YellowKey," after security researchers publicly released ...
2026-05-22 12:17 UTC -
web:www.notebookcheck.net
Microsoft released mitigation steps for YellowKey ( CVE -2026-45585), a BitLocker bypass that grants physical attackers access to encrypted Windows drives.
2026-05-22 12:17 UTC -
web:www.securityweek.com
Microsoft has announced mitigations for CVE -2026-45585, a BitLocker bypass triggered via FsTx in Windows Recovery.
2026-05-22 12:17 UTC
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
Web references (0)
DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.
No web references attached yet.
Indicators (1)
IOCs linked to the auto-promoted Threat row.
| Type | Value | VirusTotal | Attached |
|---|---|---|---|
| ipv4 |
10.19.0.0
|
no local data | 2026-05-18 21:19 UTC |
AI Forensic Analysis
Only Available for Registered Users. Sign in to view.
Raw JSON
The full cvelistV5 record. Download as CVE-2025-22455.json.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T04:01:33.471922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:51:04.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Workspace Control",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "10.19.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.<br>"
}
],
"value": "A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T14:38:36.559Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-CVE-2025-5353-CVE-CVE-2025-22463-CVE-2025-22455"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-22455",
"datePublished": "2025-06-10T14:38:36.559Z",
"dateReserved": "2025-01-07T02:19:22.796Z",
"dateUpdated": "2026-02-26T17:51:04.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}