CVE-2025-55147: 
Ivanti Connect Secure vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in multiple Ivanti products (CVE-2025-55147), affecting Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. The vulnerability was disclosed on September 9, 2025, with fixes deployed on August 2, 2025 (Ivanti Advisory).

The vulnerability allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user, with user interaction being required. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-352: Cross-Site Request Forgery (CSRF) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute sensitive actions with the privileges of a victim user. The high CVSS score of 8.8 indicates potential severe impacts on confidentiality, integrity, and availability of the affected systems (GBHackers).

Ivanti has released patches to address this vulnerability. Users should upgrade to the following versions: Ivanti Connect Secure to version 22.7R2.9 or 22.8R2, Ivanti Policy Secure to version 22.7R1.6, Ivanti ZTA Gateway to version 2.8R2.3-723, and Ivanti Neurons for Secure Access to version 22.8R1.4. For cloud-based Neurons for Secure Access, fixes were automatically applied on August 2, 2025 (GBHackers).