Inclusion of Sensitive Information in Log Files in Ivanti Connect Secure (formerly Pulse Connect Secure) and Ivanti Policy Secure (formerly Pulse Policy Secure) - CVE-2025-5463
Published: July 8, 2025
Vulnerability identifier: #VU112537
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-5463
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Ivanti
Affected software:
Ivanti Connect Secure (formerly Pulse Connect Secure)
Ivanti Policy Secure (formerly Pulse Policy Secure)
Ivanti Connect Secure (formerly Pulse Connect Secure)
Ivanti Policy Secure (formerly Pulse Policy Secure)
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.
How to mitigate CVE-2025-5463
Install updates from vendor's website.