Authorization Flaw in Ivanti Connect Secure and Policy Secure
CVE-2025-55141

8.8HIGH

Key Information:

Vendor: Ivanti
Status: Connect Secure; Policy Secure; Zta Gateway; Neurons For Secure Access
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-55141?

A significant authorization vulnerability exists in multiple Ivanti products, including Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. This issue permits remote authenticated attackers with read-only admin privileges to manipulate authentication settings. Such a weakness could potentially allow unauthorized adjustments to critical security configurations, compromising the secure access mechanisms of the affected systems. A patch addressing this flaw was released on August 2, 2025.

Affected Version(s)

Connect Secure 22.7R2.9

Neurons for Secure Access 22.8R1.4 (Fix deployed on 02-Aug-2025)

Policy Secure 22.7R1.6

References

https://forums.ivanti.com/s/article/September-Security-Ad...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Aug 7, 2025