CVE-2025-55146

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-55146
An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.7:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.8:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.5:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:ivanti:zero_trust_access_gateway:22.8:r2.2:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:ivanti:neurons_for_secure_access:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.3:*:*:*:*:*:*
History

24 Sep 2025, 19:58

Type Values Removed Values Added
CPE cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.8:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.7:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:zero_trust_access_gateway:22.8:r2.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*
References () https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US - () https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US - Vendor Advisory
First Time Ivanti policy Secure
Ivanti zero Trust Access Gateway
Ivanti connect Secure
Ivanti neurons For Secure Access
Ivanti

09 Sep 2025, 16:28

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-09 16:15

Updated : 2025-09-24 19:58

NVD link : CVE-2025-55146

Mitre link : CVE-2025-55146

CVE.ORG link : CVE-2025-55146

JSON object : View

Products Affected

ivanti

  • neurons_for_secure_access
  • policy_secure
  • connect_secure
  • zero_trust_access_gateway
CWE
CWE-252

Unchecked Return Value