Missing Authorization Vulnerability in Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access
CVE-2025-55145

8.9 HIGH

What is CVE-2025-55145?

CVE-2025-55145 is a critical vulnerability affecting Ivanti's suite of secure access solutions, including Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. Specifically, the vulnerability is a missing authorization check in various versions of these products that allows a remote, authenticated attacker to hijack existing HTML5 connections belonging to other users. The affected software is widely used for secure access to and management of network resources within organizations, which underscores the importance of maintaining robust security controls. Because the product verifies only that the caller is authenticated, not that the caller is entitled to the specific connection being accessed, an attacker can gain unauthorized access to sensitive information and potentially interfere with the normal operation of secure connections.
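The distinction between authentication and authorization is the whole vulnerability class here. The following is an added, hypothetical example (not Ivanti's code, and not a reproduction of the actual flaw) that models a generic HTML5 remote-access broker keeping a table of live connections. The endpoint `attach_vulnerable` checks only that the caller is logged in, so any authenticated user can attach to any connection id; the hardened `attach` also verifies that the caller owns the connection. The class and function names, the user names and the target host are all constructed for the illustration.

```python
"""Missing-authorization pattern behind hijacking of another user's live connection.

Added, hypothetical example: it does not reproduce any vendor's implementation.
It contrasts an endpoint that checks only *authentication* with one that also
checks *authorization* (ownership of the connection being attached to).
"""
from dataclasses import dataclass, field
import secrets


class Forbidden(Exception):
    """Authenticated caller is not authorized for the requested resource."""


@dataclass
class Connection:
    conn_id: str
    owner: str                       # user who established the HTML5 session
    target_host: str
    audit: list = field(default_factory=list)   # who attached, for detection


class ConnectionBroker:
    """Toy broker holding live browser-based (HTML5) connections."""

    def __init__(self) -> None:
        self._conns: dict[str, Connection] = {}

    def open(self, user: str, target_host: str) -> str:
        """Create a connection on behalf of `user` and return its id."""
        conn_id = secrets.token_hex(8)
        self._conns[conn_id] = Connection(conn_id, user, target_host)
        return conn_id

    # --- vulnerable pattern: authentication only ---------------------------
    def attach_vulnerable(self, user: str, conn_id: str) -> Connection:
        if not user:
            raise PermissionError("not authenticated")
        conn = self._conns.get(conn_id)
        if conn is None:
            raise KeyError(conn_id)
        # BUG: no check that `user` owns `conn`; any authenticated account
        # holding a valid id can take over someone else's session.
        conn.audit.append(f"attached by {user}")
        return conn

    # --- hardened pattern: authentication + ownership check -----------------
    def attach(self, user: str, conn_id: str) -> Connection:
        if not user:
            raise PermissionError("not authenticated")
        conn = self._conns.get(conn_id)
        # Same failure for "no such id" and "not yours", so the endpoint does
        # not confirm which ids exist. The denied attempt is still auditable.
        if conn is None or conn.owner != user:
            raise Forbidden("connection not found or not owned by caller")
        conn.audit.append(f"attached by {user}")
        return conn


def demo() -> dict:
    """Run both endpoints against one constructed scenario and report outcomes."""
    broker = ConnectionBroker()
    cid = broker.open("alice", "fileserver.internal")   # constructed sample
    results = {}
    try:
        broker.attach_vulnerable("bob", cid)
        results["vulnerable_allows_other_user"] = True
    except (Forbidden, PermissionError):
        results["vulnerable_allows_other_user"] = False
    try:
        broker.attach("bob", cid)
        results["hardened_allows_other_user"] = True
    except Forbidden:
        results["hardened_allows_other_user"] = False
    results["hardened_allows_owner"] = broker.attach("alice", cid).owner == "alice"
    return results


if __name__ == "__main__":
    print(demo())
```

The fix is a single ownership comparison, but it has to sit on every handler that takes a connection id as input. The audit list shows the detection angle: a denied attach from an account that is not the owner is exactly the event a defender would alert on.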

Potential impact of CVE-2025-55145

  1. Unauthorized Access: Attackers could exploit this vulnerability to obtain unauthorized access to user sessions, compromising the confidentiality and integrity of data transmitted over secure connections and potentially exposing sensitive organizational information.

  2. Data Breach Risks: The hijacking of HTML5 connections can lead to significant data breaches, as attackers may be able to intercept and manipulate communications, jeopardizing critical business operations and customer trust.

  3. Service Disruption: Exploitation of this vulnerability might result in service interruptions or degradation of the secure access services provided by the affected Ivanti products, impacting overall business productivity and user experience.

Affected Version(s)

Connect Secure 22.7R2.9 22.7R2.9

Neurons for Secure Access 22.8R1.4 (Fix deployed on 02-Aug-2025)

Policy Secure 22.7R1.6

References

CVSS V3.1

Score: 8.9
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved