CVE-2025-55146

Description

An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

Ivanti / Connect Secure22.7R2.9 – 22.7R2.9
Ivanti / Connect Secure22.8R2 – 22.8R2
Ivanti / Neurons for Secure Access22.8R1.4 (Fix deployed on 02-Aug-2025) – 22.8R1.4 (Fix deployed on 02-Aug-2025)
Ivanti / Policy Secure22.7R1.6 – 22.7R1.6
Ivanti / ZTA Gateway2.8R2.3-723 – 2.8R2.3-723

References

MISChttps://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US