
June 10, 2025 By Sergiu Gatlan 

 


Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution.

IWC helps enterprise admins manage desktops and applications, acting as an intermediary between the operating system and users and regulating access and workspace configuration.

It provides centralized control over user workspaces and dynamically configures desktops, applications, and user settings based on policies and user roles.

All three security bugs are caused by the use of a hard-coded, unchangeable cryptographic key. Depending on the account targeted during a potential attack, successful exploitation can lead to privilege escalation and system compromise.

Two security flaws (CVE-2025-5353 and CVE-2025-22455) allow local authenticated attackers to decrypt stored SQL credentials on systems running IWC version 10.19.0.0 and earlier. The third vulnerability patched today (CVE-2025-22463) also enables local authenticated attackers to decrypt the stored environment password.

"Ivanti has released updates for Ivanti Workspace Control which address three high severity vulnerabilities. Successful exploitation could lead to credential compromise," the company said today.

| Product | Affected versions | Resolved versions | Patch |
| --- | --- | --- | --- |
| Ivanti Workspace Control (IWC) | 10.19.0.0 and prior | 10.19.10.0 | Download Link |

 

