December Security Update

In today’s digital era the importance of maintaining secure software cannot be overstated. Ivanti is dedicated to providing secure solutions and we prioritize security throughout the development lifecycle. We employ rigorous testing and validation methodologies to identify and mitigate potential vulnerabilities. Our vulnerability management program is designed to identify, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, ensuring responsible and transparent communication with our customers.

In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have also made improvements to our responsible disclosure process so that we can promptly discover and address potential issues – this has created a natural and intended increase in disclosure.

Ivanti has begun releasing standard security patches on the second Tuesday of every month. For many of our customers, the predictable schedule facilitates better planning and management of IT resources, allowing them to allocate time and personnel efficiently for the timely updates.

We understand that secure software is not just a feature but a fundamental requirement in delivering reliable and trustworthy solutions. Ivanti remains steadfast in its mission to deliver secure, innovative, and effective products that our customers can rely on with confidence.

Today, fixes have been released for the Ivanti solutions detailed below.

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Cloud Service Application
• Ivanti Desktop and Server Management (DSM)
• Ivanti Connect Secure and Policy Secure
• Ivanti Sentry
• Ivanti Patch SDK (also affecting Ivanti Endpoint Manager (EPM), Ivanti Security Controls, Ivanti Neurons Agent, Ivanti Neurons for Patch Management, and Ivanti Patch for Configuration Manager)

Update December 11, 2025: fixes have been released for the following solutions.

• Ivanti Application Control
• Ivanti Automation
• Ivanti Workspace Control
• Ivanti Performance Manager
• Ivanti Security Controls (iSec)

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.