Authorization Bypass in Ivanti Connect Secure and Related Products
CVE-2025-8712

5.4MEDIUM

Key Information:

Vendor: Ivanti
Status: Connect Secure Before; Policy Secure; Zta Gateway; Neurons For Secure Access
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-8712?

A vulnerability exists in Ivanti Connect Secure and other related Ivanti products, stemming from insufficient authorization measures. This flaw permits remote authenticated attackers with read-only admin privileges to alter sensitive configuration settings, potentially compromising the integrity of the systems involved. Users of affected versions should apply the remediation updates released on August 2, 2025, to safeguard their systems against unauthorized access and maintain security compliance.

Affected Version(s)

Connect Secure before 22.7R2.9

Neurons for Secure Access 22.8R1.4 (Fix deployed on 02-Aug-2025)

Policy Secure 22.7R1.6

References

https://forums.ivanti.com/s/article/September-Security-Ad...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Aug 7, 2025