ivanti connect_secure CVE Vulnerabilities (130)

CVEs: 130 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting ivanti connect_secure (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 120 of 130 CVEs
«« First « Prev Page 1 / 7 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-8712 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 5.4 0.41% 2025-09-09 2026-06-17
CVE-2025-8711 CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 5.4 0.31% 2025-09-09 2026-06-17
CVE-2025-55148 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 7.6 0.52% 2025-09-09 2026-06-17
CVE-2025-55147 CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 8.8 0.56% 2025-09-09 2026-06-17
CVE-2025-55146 An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 4.9 0.74% 2025-09-09 2026-06-17
CVE-2025-55145 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 8.9 0.57% 2025-09-09 2026-06-17
CVE-2025-55144 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 5.4 0.51% 2025-09-09 2026-06-17
CVE-2025-55143 Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.1 0.66% 2025-09-09 2026-06-17
CVE-2025-55142 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 8.8 0.85% 2025-09-09 2026-06-17
CVE-2025-55141 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 8.8 0.85% 2025-09-09 2026-06-17
CVE-2025-55139 SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.8 0.77% 2025-09-09 2026-06-17
CVE-2025-5468 Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 5.5 0.33% 2025-08-12 2026-06-17
CVE-2025-5466 XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 4.9 0.60% 2025-08-12 2026-06-17
CVE-2025-5462 A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 7.5 1.04% 2025-08-12 2026-06-17
CVE-2025-5456 A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 7.5 0.97% 2025-08-12 2026-06-17
CVE-2025-5464 Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 0.31% 2025-07-08 2026-06-17
CVE-2025-0293 CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.6 0.40% 2025-07-08 2026-06-17
CVE-2025-0292 SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 5.5 0.56% 2025-07-08 2026-06-17
CVE-2025-5463 Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 5.5 0.31% 2025-07-08 2026-06-17
CVE-2025-5451 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 4.9 0.65% 2025-07-08 2026-06-17
«« First « Prev Page 1 / 7 Next »
cvelogic Threat Intelligence