VYPR
Unrated severityNVD Advisory· Published Aug 12, 2025· Updated Feb 26, 2026

CVE-2025-8296

CVE-2025-8296

Description

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution

Affected products

2
  • Ivanti/Avalanchellm-fuzzy2 versions
    <6.4.8.8008+ 1 more
    • (no CPE)range: <6.4.8.8008
    • (no CPE)range: 6.4.8.8008

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.