Authorization Flaw in Ivanti Connect Secure and Related Products
CVE-2025-55148

7.6 HIGH

Key Information:

Vendor: Ivanti
CVE Published: 9 September 2025

What is CVE-2025-55148?

A security issue has been identified in Ivanti products where missing authorization allows remote authenticated attackers with read-only admin privileges to alter restricted settings. This flaw exists in several Ivanti offerings, including Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. The vulnerability can potentially lead to unauthorized configuration changes, exposing sensitive data and compromising the integrity of these systems. A fix was deployed on August 2, 2025, addressing the issue across the affected products.

Affected Version(s)

Connect Secure 22.7R2.9

Neurons for Secure Access 22.8R1.4 (Fix deployed on 02-Aug-2025)

Policy Secure 22.7R1.6

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
