Lucene search
K

Ivanti Connect Secure < 22.7R2.9 / 22.8R2 Multiple Vulnerabilities

🗓️ 12 Sep 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 137 Views

Ivanti Connect Secure before 22.7R2.9/22.8R2 has authorization, CSRF, and HTML5 hijack flaws; fixes deployed August 2025.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-55141
9 Sep 202519:05
circl
Circl
CVE-2025-55142
9 Sep 202519:01
circl
Circl
CVE-2025-55145
9 Sep 202515:31
circl
Circl
CVE-2025-55146
9 Sep 202515:31
circl
Circl
CVE-2025-55147
10 Sep 202504:33
circl
Circl
CVE-2025-8711
9 Sep 202515:31
circl
Circl
CVE-2025-8712
9 Sep 202515:31
circl
CNNVD
Ivanti多款产品 安全漏洞
9 Sep 202500:00
cnnvd
CNNVD
Ivanti多款产品 跨站请求伪造漏洞
9 Sep 202500:00
cnnvd
CNNVD
Ivanti多款产品 安全漏洞
9 Sep 202500:00
cnnvd
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(264601);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/12");

  script_cve_id(
    "CVE-2025-8712",
    "CVE-2025-8711",
    "CVE-2025-55139",
    "CVE-2025-55141",
    "CVE-2025-55142",
    "CVE-2025-55143",
    "CVE-2025-55144",
    "CVE-2025-55145",
    "CVE-2025-55146",
    "CVE-2025-55147",
    "CVE-2025-55148"
  );
  script_xref(name:"IAVA", value:"2025-A-0660");

  script_name(english:"Ivanti Connect Secure <  22.7R2.9 / 22.8R2 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A VPN solution installed on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Ivanti Connect Secure installed on the remote host is prior to  22.7R2.9 / 22.8R2. It is, therefore, affected 
by multiple vulnerabilities, including the following:

  - Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before
    22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4
    (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to
    configure authentication related settings. (CVE-2025-55141)

  - CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti
    ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on
    02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the
    victim user. User interaction is required. (CVE-2025-55147)

  - Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before
    22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4
    (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5
    connections. (CVE-2025-55145)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?800d2357");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Ivanti Connect Secure 22.7R2.9 / 22.8R2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-55141");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/12");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ivanti:connect_secure");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pulse_secure:connect_secure");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("pulse_connect_secure_detect.nbin");
  script_require_keys("installed_sw/Pulse Connect Secure");

  exit(0);
}

include('vcf_extras.inc');

var port = get_http_port(default:443, embedded:TRUE);
var app_info = vcf::pulse_connect_secure::get_app_info(app:'Pulse Connect Secure', port:port, full_version:TRUE, webapp:TRUE);

var constraints = [
  { 'fixed_version' : '22.7.2.4757',   'fixed_display':'22.7R2.9 (Build 4757) / 22.8R2 (Build 14015)'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

12 Sep 2025 00:00Current
5.7Medium risk
Vulners AI Score5.7
CVSS 3.18.9
EPSS0.00855
SSVC
137