CVE-2025-55143
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 (Secondary)
Description
Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required.
Affected (31)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 22.7 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 22.7 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 22.8 r2.2 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 22.8 |
References (1)
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Vendor Advisory
Timeline
No history available yet.