CVE-2025-55142
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 (Secondary)
Description
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Affected (31)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 22.7 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 22.7 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 22.8 r2.2 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 22.8 |
References (1)
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Vendor Advisory
Timeline
No history available yet.