SSRF Vulnerability in Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access
CVE-2025-55139

6.8 MEDIUM

Key Information:

Vendor: Ivanti

CVE Published: 9 September 2025

What is CVE-2025-55139?

A server-side request forgery (SSRF) vulnerability has been identified in multiple Ivanti products. It allows a remote authenticated attacker with admin privileges to enumerate and query internal services without proper restrictions. A fix has been developed and deployed, and organizations running affected versions are urged to update to secure their environments.

Affected Version(s)

Connect Secure 22.7R2.9

Neurons for Secure Access 22.8R1.4 (Fix deployed on 02-Aug-2025)

Policy Secure 22.7R1.6

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
