Platform
ivanti
Component
ivanti-connect-secure
Opgelost in
22.7.1
22.8.1
22.7.1
2.8.1
22.8.1
CVE-2025-55145 describes a critical authorization vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. This flaw allows a remote, authenticated attacker to hijack existing HTML5 connections, potentially granting them unauthorized access to sensitive data and systems. The vulnerability impacts versions of Ivanti Connect Secure prior to 22.7R2.9 and 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. A fix has been deployed on August 2, 2025.
The core impact of CVE-2025-55145 is the ability for an authenticated attacker to hijack established HTML5 connections. This means an attacker who has already authenticated to the system can leverage this vulnerability to impersonate a legitimate user and gain access to their session. The attacker could then access any resources the user is authorized to access, potentially including sensitive data, internal applications, and network resources. The blast radius extends to any data or systems accessible through the hijacked HTML5 session. This vulnerability is particularly concerning as it bypasses standard authentication checks, allowing for seamless session takeover. Successful exploitation could lead to data breaches, unauthorized access to critical systems, and potential disruption of business operations. The ease of exploitation, given the requirement of only authenticated access, significantly increases the risk.
CVE-2025-55145 was published on September 9, 2025. The EPSS score is currently pending evaluation, but the CVSS score of 8.9 (HIGH) indicates a significant risk. Public proof-of-concept (POC) code is not currently available, but the vulnerability's nature suggests it could be relatively easy to exploit once a POC is released. Given the high CVSS score and the potential for widespread impact, it is likely to become a target for active exploitation. Monitor security advisories from Ivanti and CISA for updates and potential indicators of compromise.
Exploit Status
EPSS
0.43% (62% percentiel)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2025-55145 is to upgrade to the patched versions: Ivanti Connect Secure 22.7R2.9 or later, Ivanti Policy Secure 22.7R1.6 or later, Ivanti ZTA Gateway 2.8R2.3-723 or later, and Ivanti Neurons for Secure Access 22.8R1.4 or later. If immediate patching is not possible, consider implementing stricter access controls and monitoring for suspicious activity within HTML5 sessions. Web Application Firewalls (WAFs) configured to detect and block unauthorized session hijacking attempts can provide an additional layer of defense. Review and strengthen authentication mechanisms to minimize the risk of initial compromise. After upgrading, confirm the fix by attempting to establish an HTML5 connection and verifying that the authorization checks are functioning as expected.
Actualice Ivanti Connect Secure a una versión posterior a 22.7R2.9 o 22.8R2, Ivanti Policy Secure a una versión posterior a 22.7R1.6, Ivanti ZTA Gateway a una versión posterior a 2.8R2.3-723 e Ivanti Neurons for Secure Access a una versión posterior a 22.8R1.4. Esto solucionará la falta de autorización que permite el secuestro de conexiones HTML5.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
It's a missing authorization vulnerability in Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access allowing authenticated attackers to hijack HTML5 connections.
You are affected if you are using Ivanti Connect Secure ≤22.8R2, Policy Secure < 22.7R1.6, ZTA Gateway < 2.8R2.3-723, or Neurons for Secure Access < 22.8R1.4.
Upgrade to Ivanti Connect Secure 22.7R2.9 or later, Policy Secure 22.7R1.6 or later, ZTA Gateway 2.8R2.3-723 or later, or Neurons for Secure Access 22.8R1.4 or later.
While no public POC exists yet, the high CVSS score suggests it's likely to become a target for exploitation. Monitor for updates and indicators of compromise.
Refer to the Ivanti security advisory and the NVD entry for CVE-2025-55145 for detailed information and updates.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.