CSRF Vulnerability in Ivanti Connect Secure and Related Products
CVE-2025-8711

5.4 MEDIUM

Key Information:

Vendor: Ivanti

CVE Published: 9 September 2025

What is CVE-2025-8711?

A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple Ivanti products, including Ivanti Connect Secure and Ivanti Policy Secure. This flaw allows an unauthenticated attacker to execute specific actions on behalf of a legitimate user without that user's consent. Although user interaction is necessary to trigger this vulnerability, it poses a significant risk to user accounts and system integrity. Several Ivanti offerings are affected, so updating the software is important to mitigate potential exploitation.

Affected Version(s)

Connect Secure 22.7R2.9

Neurons for Secure 22.8R1.4 (Fix deployed on 02-Aug-2025)

Policy Secure 22.7R1.6

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
