- 199/2025
- High
Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform denial of service or cross-site scripting attacks, conduct server-side request forgery attacks, or execute arbitrary code, and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Ivanti Connect Secure Security Bypass Vulnerability (CVE-2025-55145):
- CVSS: 8.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Bypass Security
2. Ivanti Endpoint Manager Code Execution Vulnerability (CVE-2025-9712):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
The Affected Products:
- Ivanti Connect Secure version 22.7R2.8 and prior.
- Ivanti Policy Secure version 22.7R1.4 and prior.
- ZTA Gateways Versions 22.8R2.2.
- Neurons for Secure Access versions 22.8R1.3 and prior.
- Ivanti Endpoint Manager versions 2022 SU8 Security Update 1 and prior.
- Ivanti Endpoint Manager versions 2024 SU3 and prior.
Vulnerabilities
- CVE-2025-9712
- CVE-2025-55146
- CVE-2025-55141
- CVE-2025-9872
- CVE-2025-8712
- CVE-2025-8711
- CVE-2025-55145
- CVE-2025-55147
- CVE-2025-55148
- CVE-2025-55139
- CVE-2025-55142
- CVE-2025-55143
- CVE-2025-55144
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.