Severe Ivanti Workspace Control flaws patched

Updates have been released by Ivanti to fix a trio of high-severity hardcoded key flaws impacting its Workspace Control platform, which could be leveraged to compromise vulnerable systems' database credentials and facilitate further lateral movement, Cyber Security News reports.
All Ivanti Workspace Control versions 10.19.0.0 and earlier are affected by the bugs. The most severe, CVE-2025-5353 and CVE-2025-22455, could be leveraged to facilitate decryption of stored SQL credentials, while the other issue, tracked as CVE-2025-22463, targets stored environment credentials. Although there is no ongoing active exploitation, organizations have been urged to apply the issued fixes immediately, but not before updating their TLS certificates and ensuring that the ShieldAPI certificate is imported into the local machine's Trusted Root Certificate Authorities. The development comes after Ivanti revealed that it would retire Workspace Control by the end of next year, with users recommended to use the firm's User Workspace Manager platform instead.