CVE-2025-55144: 
Ivanti Connect Secure vulnerability analysis and mitigation

CVE-2025-55144 is a security vulnerability affecting multiple Ivanti products including Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4. The vulnerability was discovered and fixes were deployed on August 2, 2025 (NVD).

The vulnerability is classified as a missing authorization issue that allows a remote authenticated attacker with read-only admin privileges to configure restricted settings. It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The vulnerability is categorized under CWE-862: Missing Authorization (NVD, GBHackers).

When exploited, this vulnerability allows an attacker with read-only administrative privileges to bypass authorization controls and configure restricted settings in the affected systems. This could lead to unauthorized system modifications and potential security control bypasses (CIS Advisory).

Ivanti has released patches to address this vulnerability. Organizations should upgrade to the following versions: Ivanti Connect Secure to version 22.7R2.9 or 22.8R2, Ivanti Policy Secure to version 22.7R1.6, ZTA Gateway to version 2.8R2.3-723, and Neurons for Secure Access to version 22.8R1.4. For cloud-based Neurons for Secure Access installations, fixes were automatically applied on August 2, 2025 (GBHackers).