CVE-2025-55142: 
Ivanti Connect Secure vulnerability analysis and mitigation

CVE-2025-55142 is a high-severity vulnerability affecting multiple Ivanti products discovered and disclosed on September 9, 2025. The vulnerability impacts Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. The issue was fixed through patches deployed on August 2, 2025 (NVD).

The vulnerability is characterized by missing authorization controls that allow a remote authenticated attacker with read-only admin privileges to configure authentication-related settings. It has received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD).

The vulnerability allows an attacker with read-only admin privileges to elevate their access and modify authentication settings, potentially compromising the security of the affected systems. The high CVSS score of 8.8 indicates significant potential impact across confidentiality, integrity, and availability (NVD).

Ivanti has released patches to address this vulnerability. Users should upgrade Ivanti Connect Secure to version 22.7R2.9 or 22.8R2, Policy Secure to version 22.7R1.6, and ZTA Gateway to version 2.8R2.3-723. For Neurons for Secure Access, fixes were automatically applied in the cloud environment on August 2, 2025. Additionally, administrators are advised to avoid exposing administrative portals directly to the internet (GB Hackers).