Denial of Service Vulnerability in Ivanti Connect Secure and Related Products
CVE-2025-55146

4.9MEDIUM

Key Information:

Vendor: Ivanti
Status: Connect Secure; Policy Secure; Zta Gateway; Neurons For Secure Access
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-55146?

Ivanti products, including Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access, are exposed to a vulnerability due to an unchecked return value. Exploitation of this flaw could allow a remote authenticated attacker with administrator privileges to initiate a denial of service, impacting the availability of the affected systems. Administrators are advised to apply the fixes deployed on August 2, 2025, to mitigate this risk.

Affected Version(s)

Connect Secure 22.7R2.9

Neurons for Secure Access 22.8R1.4 (Fix deployed on 02-Aug-2025)

Policy Secure 22.7R1.6

References

https://forums.ivanti.com/s/article/September-Security-Ad...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Aug 7, 2025