CVE-2025-54468: 
vulnerability analysis and mitigation

CVE-2025-54468 is a vulnerability identified in Rancher Manager that affects multiple Ivanti products including Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. The vulnerability was discovered and disclosed in August 2025, with patches released on August 2, 2025. The affected versions include Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4 (Ivanti Advisory).

The vulnerability stems from improper handling of symbolic links (symlinks) in the affected Ivanti products. It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-61 (UNIX Symbolic Link Following) (NVD).

When exploited, this vulnerability allows a local authenticated attacker to read arbitrary files on disk. This could potentially lead to unauthorized access to sensitive information stored on the affected systems (NVD).

The vulnerability has been patched in the following versions: Ivanti Connect Secure version 22.7R2.8 or 22.8R2, Ivanti Policy Secure 22.7R1.5, Ivanti ZTA Gateway 22.8R2.3-723, and Ivanti Neurons for Secure Access 22.8R1.4. Users are advised to upgrade to these patched versions to mitigate the vulnerability (NVD).