CSRF Vulnerability in Ivanti Connect Secure and Related Products
CVE-2025-8711

5.4MEDIUM

Key Information:

Vendor

Ivanti
Status
Connect Secure
Policy Secure
Zta Gateway
Neurons For Secure
Vendor
CVE Published:
9 September 2025

What is CVE-2025-8711?

A Cross-Site Request Forgery vulnerability exists in multiple Ivanti products, including Ivanti Connect Secure and Ivanti Policy Secure. This flaw allows unauthenticated attackers to execute specific actions on behalf of legitimate users without their consent. Although user interaction is necessary to trigger this vulnerability, it poses a significant risk to user accounts and system integrity. Affected versions across various Ivanti offerings highlight the importance of updating software to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Connect Secure 22.7R2.9

Neurons for Secure 22.8R1.4 (Fix deployed on 02-Aug-2025)

Policy Secure 22.7R1.6

References

https://forums.ivanti.com/s/article/September-Security-Ad...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.