CSRF Vulnerability in Ivanti Connect Secure and Related Products
CVE-2025-55147

8.8 HIGH

Key Information:

Vendor: Ivanti
CVE Published: 9 September 2025

What is CVE-2025-55147?

A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple Ivanti products. It allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. Exploitation requires user interaction: the victim must perform specific actions. The issue affects various versions of Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access, so affected deployments should be remediated promptly.

Affected Version(s)

Connect Secure 22.7R2.9

Neurons for Secure Access 22.8R1.4 (Fix deployed on 02-Aug-2025)

Policy Secure 22.7R1.6

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
