17 matches found
CVE-2025-22457
CVE-2025-22457 is a stack-based buffer overflow in Ivanti Connect Secure family (affecting Ivanti Connect Secure prior to 22.7R2.6, Ivanti Policy Secure prior to 22.7R1.4, and Ivanti ZTA Gateways prior to 22.8R2.2) that enables remote code execution by a remote unauthenticated attacker. Affected ...
CVE-2024-22024
CVE-2024-22024 is an XML External Entity (XXE) vulnerability in Ivanti Connect Secure and Ivanti Policy Secure gateways (SAML component) affecting 9.x and 22.x branches, plus ZTA gateways. The issue allows an unauthenticated attacker to access certain restricted resources via SAML-based requests....
CVE-2025-8712
Ivanti reports a missing authorization flaw (CVE-2025-8712) affecting Ivanti Connect Secure before 22.7R2.9/22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. The issue allows a remote authenticated attacker ...
CVE-2025-55139
CVE-2025-55139 is an SSRF issue affecting Ivanti Connect Secure (ICS) prior to 22.7R2.9/22.8R2, Ivanti Policy Secure prior to 22.7R1.6, Ivanti ZTA Gateway prior to 2.8R2.3-723, and Ivanti Neurons for Secure Access prior to 22.8R1.4. The root cause is a server-side request forgery that lets a remo...
CVE-2025-5462
Ivanti vulnerability CVE-2025-5462 is a heap-based buffer overflow affecting Ivanti Connect Secure prior to 22.7R2.8 or 22.8R2, Ivanti Policy Secure prior to 22.7R1.5, Ivanti ZTA Gateway prior to 22.8R2.3-723, and Ivanti Neurons for Secure Access prior to 22.8R1.4. The flaw allows a remote unauth...
CVE-2025-5456
CVE-2025-5456 is a buffer over-read in Ivanti Connect Secure prior to 22.7R2.8 or 22.8R2, Ivanti Policy Secure prior to 22.7R1.5, Ivanti ZTA Gateway prior to 2.8R2.3-723, and Ivanti Neurons for Secure Access prior to 22.8R1.4. The issue allows a remote unauthenticated attacker to trigger a denial...
CVE-2025-55148
Ivanti vulnerabilities (CVE-2025-55148 and related) affect Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. Root cause: missing authorization checks allow a remote authenticated attacker with read-only admin privileges to configure restricted settings (fix deploy...
CVE-2025-5466
CVE-2025-5466 is an XML External Entity (XEE) vulnerability affecting Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. The issue allows a remote authenticated attacker with admin privileges to trigger a denial of service. Affected versions before the stated fixes ...
CVE-2025-55145
CVE-2025-55145 describes a missing authorization flaw in Ivanti Connect Secure (ICS), Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access that allows a remote authenticated attacker to hijack existing HTML5 connections. Affected versions include ICS <= 22.7R2.9 and &...
CVE-2025-5468
CVE-2025-5468 covers Ivanti products (Connect Secure, Policy Secure, ZTA Gateway, Neurons for Secure Access). The root cause is improper handling of symbolic links, enabling a local authenticated attacker to read arbitrary on-disk files. Affected versions include Ivanti Connect Secure before 22.7...
CVE-2025-55146
Summary: CVE-2025-55146 describes an unchecked return value in Ivanti Connect Secure (before 22.7R2.9) and Ivanti Policy Secure (before 22.7R1.6), Ivanti ZTA Gateway (before 2.8R2.3-723), and Ivanti Neurons for Secure Access (before 22.8R1.4) that enables a remote authenticated attacker with admi...
CVE-2025-55143
CVE-2025-55143 is a reflected text injection vulnerability affecting Ivanti Connect Secure < 22.7R2.9 or < 22.8R2, Ivanti Policy Secure < 22.7R1.6, Ivanti ZTA Gateway < 2.8R2.3-723, and Ivanti Neurons for Secure Access
CVE-2025-8711
CVE-2025-8711 describes a cross-site request forgery (CSRF) vulnerability affecting Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. An unauthenticated remote attacke...
CVE-2025-55142
CVE-2025-55142 describes a missing authorization in Ivanti Connect Secure and related Ivanti products that permits a remote authenticated attacker with read-only admin privileges to configure authentication-related settings. According to multiple sources, the issue affects Ivanti Connect Secure (...
CVE-2025-55144
CVE-2025-55144 affects Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. The vulnerability is a missing authorization flaw that lets a remote authenticated attacker with read‑only admin privileges configure restricted settings. Affected versions: Connect Secure &l...
CVE-2025-55141
The CVE-2025-55141 issue affects Ivanti Connect Secure (before 22.7R2.9 or 22.8R2), Ivanti Policy Secure (before 22.7R1.6), Ivanti ZTA Gateway (before 2.8R2.3-723), and Ivanti Neurons for Secure Access (before 22.8R1.4). Root cause: missing authorization that allows a remote authenticated attacke...
CVE-2025-55147
CVE-2025-55147 describes a CSRF flaw in Ivanti Connect Secure (before 22.7R2.9/22.8R2), Ivanti Policy Secure (before 22.7R1.6), Ivanti ZTA Gateway (before 2.8R2.3-723), and Ivanti Neurons for Secure Access (before 22.8R1.4). The fix deployed on 02-Aug-2025. The vulnerability allows a remote unaut...