Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Ivanti |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
No data.
References
History
Wed, 24 Sep 2025 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ivanti zero Trust Access Gateway
|
|
| CPEs | cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r2.5:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r2.6:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r2.7:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r2.8:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:neurons_for_secure_access:*:*:*:*:*:*:*:* cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.1:*:*:*:*:*:* cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.2:*:*:*:*:*:* cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.3:*:*:*:*:*:* cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.7:r1.3:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.7:r1.4:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.7:r1.5:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:zero_trust_access_gateway:22.8:r2.2:*:*:*:*:*:* |
|
| Vendors & Products |
Ivanti zero Trust Access Gateway
|
Wed, 10 Sep 2025 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Wed, 10 Sep 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 09 Sep 2025 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ivanti
Ivanti connect Secure Ivanti neurons For Secure Access Ivanti policy Secure Ivanti zta Gateway |
|
| Vendors & Products |
Ivanti
Ivanti connect Secure Ivanti neurons For Secure Access Ivanti policy Secure Ivanti zta Gateway |
Tue, 09 Sep 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 09 Sep 2025 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings. | |
| Weaknesses | CWE-862 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: ivanti
Published: 2025-09-09T15:12:38.985Z
Updated: 2025-09-10T17:25:48.443Z
Reserved: 2025-08-07T16:15:56.461Z
Link: CVE-2025-8712
Vulnrichment
Updated: 2025-09-09T15:28:15.833Z
NVD
Status : Analyzed
Published: 2025-09-09T16:15:35.613
Modified: 2025-09-24T19:56:42.603
Link: CVE-2025-8712
Redhat
No data.