CVE-2025-55148

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9 Ivanti Connect Secure versions prior to 22.8R2 Ivanti Policy Secure versions prior to 22.7R1.6 Ivanti ZTA Gateway versions prior to 2.8R2.3-723 Ivanti Neurons for Secure Access versions prior to 22.8R1.4

Description: A missing authorization check allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.

Recommendations: Update Ivanti Connect Secure to version 22.7R2.9 or later. Update Ivanti Connect Secure to version 22.8R2 or later. Update Ivanti Policy Secure to version 22.7R1.6 or later. Update Ivanti ZTA Gateway to version 2.8R2.3-723 or later. Update Ivanti Neurons for Secure Access to version 22.8R1.4 or later.

Fix

LPE

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-55148

Affected Products

Ivanti Connect Secure

Ivanti Neurons For Secure Access

Ivanti Policy Secure

Ivanti Zta Gateways

CVE-2025-55148

Weakness Enumeration

Related Identifiers

Affected Products

References · 6