Improper Link Handling in Ivanti Connect Secure and Related Products
CVE-2025-5468

5.5MEDIUM

Key Information:

Vendor: Ivanti
Status: Connect Secure; Policy Secure; Zta Gateway; Neurons For Secure Access
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-5468?

A vulnerability exists in various Ivanti products due to improper handling of symbolic links, enabling local authenticated attackers to gain unauthorized access to arbitrary files on the disk. This issue affects Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access, necessitating immediate updates to mitigate potential exploitation.

Affected Version(s)

Connect Secure 22.7R2.8

Neurons for Secure Access 22.8R1.4 (Fix deployed on 02-Aug-2025)

Policy Secure 22.7R1.5

References

https://forums.ivanti.com/s/article/August-Security-Advis...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Jun 2, 2025

JSON