CVE-2025-8310
📋 TL;DR
This vulnerability allows authenticated remote attackers to reset administrator passwords in Ivanti Virtual Application Delivery Controller (vADC) admin consoles, potentially gaining full administrative control. It affects organizations running vADC versions before 22.9. Attackers need existing authenticated access to exploit this flaw.
💻 Affected Systems
- Ivanti Virtual Application Delivery Controller (formerly vTM)
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the vADC appliance, allowing attackers to reconfigure network traffic, intercept sensitive data, deploy malware, or pivot to internal networks.
Likely Case
Privilege escalation where authenticated users (including low-privilege accounts) gain administrative access to modify configurations, disrupt services, or access sensitive information.
If Mitigated
Limited impact if strong network segmentation, multi-factor authentication, and least-privilege access controls prevent unauthorized users from reaching the admin console.
🎯 Exploit Status
Exploitation requires authenticated access to the admin console; attackers may use stolen credentials or existing low-privilege accounts.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 22.9 or later
Restart Required: No
Instructions:
1. Download vADC version 22.9 or later from the Ivanti support portal.
2. Apply the update through the admin console or CLI.
3. Verify the update completes successfully without service disruption.
🔧 Temporary Workarounds
Restrict Admin Console Access
Limit network access to the admin console using firewall rules or network segmentation to only trusted IP addresses.
Enforce Strong Authentication
Implement multi-factor authentication (MFA) for all admin console users and review/remove unnecessary accounts.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate vADC admin consoles from untrusted networks.
- Enable detailed logging and monitoring for admin console access and password reset attempts.
🔍 How to Verify
Check if Vulnerable:
Check the vADC version in the admin console under System > About or via CLI command 'show version'.
Check Version:
show version
Verify Fix Applied:
Confirm the version is 22.9 or higher and test that password reset functionality requires proper authorization.
📡 Detection & Monitoring
Log Indicators:
- Unusual admin password reset events
- Failed authentication attempts followed by successful resets
- Login from unexpected IP addresses
Network Indicators:
- HTTP POST requests to password reset endpoints from unauthorized sources
SIEM Query:
source="vADC" AND (event_type="password_reset" OR uri="/admin/password/reset")
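The log and network indicators above are more useful correlated per reset event than matched one at a time. The following Python is an added example, not code from this page or from Ivanti: it assumes admin console events are exported as JSON lines, and the field names `ts`, `src_ip`, `user`, `target_user`, the `login_failed` value, the trusted subnet and the 10-minute window are all hypothetical; only `event_type="password_reset"` and the reset URI are taken from the SIEM query.

```python
import json
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
# Constructed sample events (JSON lines). Only event_type="password_reset" and the
# reset URI come from the page's SIEM query; every other field name is assumed.
SAMPLE_LOG = """\
{"ts":"2025-09-01T09:00:01","event_type":"login_failed","src_ip":"203.0.113.7","user":"monitor"}
{"ts":"2025-09-01T09:00:09","event_type":"login_failed","src_ip":"203.0.113.7","user":"monitor"}
{"ts":"2025-09-01T09:01:30","event_type":"login_ok","src_ip":"203.0.113.7","user":"monitor"}
{"ts":"2025-09-01T09:02:10","event_type":"password_reset","src_ip":"203.0.113.7","user":"monitor","target_user":"admin"}
{"ts":"2025-09-01T11:15:00","event_type":"password_reset","src_ip":"10.20.0.15","user":"admin","target_user":"admin"}
{"ts":"2025-09-01T12:00:00","uri":"/admin/password/reset","src_ip":"10.20.0.30","user":"helpdesk","target_user":"admin"}
"""
TRUSTED_NETS = [ip_network("10.20.0.0/24")]  # assumed management subnet
WINDOW = timedelta(minutes=10)               # assumed correlation window

def parse(text):
    """Yield one dict per non-empty log line, with ts converted to datetime."""
    for line in text.splitlines():
        if line.strip():
            event = json.loads(line)
            event["ts"] = datetime.fromisoformat(event["ts"])
            yield event

def is_reset(event):
    # Same two conditions as the SIEM query on this page.
    return event.get("event_type") == "password_reset" or event.get("uri") == "/admin/password/reset"

def find_suspicious_resets(events, trusted=TRUSTED_NETS, window=WINDOW):
    """Return (time, src_ip, actor, target, reasons) for each reset worth triage."""
    failures, alerts = {}, []  # failures: src_ip -> failed-login timestamps
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ip = e["src_ip"]
        if e.get("event_type") == "login_failed":
            failures.setdefault(ip, []).append(e["ts"])
        elif is_reset(e):
            reasons = []
            if e.get("user") != e.get("target_user"):
                reasons.append("reset_for_other_account")
            if any(e["ts"] - t <= window for t in failures.get(ip, [])):
                reasons.append("failed_logins_before_reset")
            if not any(ip_address(ip) in net for net in trusted):
                reasons.append("untrusted_source")
            if reasons:
                alerts.append((e["ts"].isoformat(), ip, e.get("user"), e.get("target_user"), reasons))
    return alerts

if __name__ == "__main__":
    print(*find_suspicious_resets(parse(SAMPLE_LOG)), sep="\n")
```

A self-service reset from the trusted subnet with no preceding failures produces no alert; a reset where the acting account differs from the target account is flagged even from a trusted address.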