Ivanti Connect Secure ↗
Ivanti · Network / Security
0/100 Critical · exploited
Summary iPlain-English security verdict for Ivanti Connect Secure, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Ivanti Connect Secure currently scores 0/100 — critical, with active exploitation. 14 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2019-11510. Upgrade immediately and review your exposure to the actively-exploited CVEs below.
Disclosure trend iNew CVEs published for Ivanti Connect Secure each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
⚠ 8 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2019-11510 CRITICAL ● exploited ⚠ ransomware Path traversal EPSS 94% → see advisory CVE-2024-21887 CRITICAL ● exploited ⚠ ransomware Command injection EPSS 94% → see advisory CVE-2023-46805 HIGH ● exploited ⚠ ransomware Improper authentication EPSS 94% → see advisory CVE-2024-21893 HIGH ● exploited ⚠ ransomware Server-side request forgery (SSRF) EPSS 94% → see advisory CVE-2025-0282 CRITICAL ● exploited ⚠ ransomware CWE-121 EPSS 94% → see advisory CVE-2019-11539 HIGH ● exploited ⚠ ransomware OS command injection EPSS 94% → see advisory CVE-2021-22893 CRITICAL ● exploited ⚠ ransomware Improper authentication EPSS 94% → see advisory CVE-2020-8218 HIGH ● exploited Code injection EPSS 91% → see advisory CVE-2020-8260 HIGH ● exploited Unrestricted file upload EPSS 73% → see advisory CVE-2025-22457 CRITICAL ● exploited ⚠ ransomware CWE-121 EPSS 59% → fixed in 22.7 CVE-2021-22894 HIGH ● exploited Code injection EPSS 42% → see advisory CVE-2020-8243 HIGH ● exploited Code injection EPSS 21% → see advisoryℹ lifecycle unknown — needs latest supported version