CVE-2025-5468
Last modified
CVE-2025-5468 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.. EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ivanti | Connect Secure | < 22.7 | — |
| Ivanti | Connect Secure | 22.7 | — |
| Ivanti | Policy Secure | < 22.7 | — |
| Ivanti | Policy Secure | 22.7 | — |
| Ivanti | Zero Trust Access Gateway | 22.8 | R2.2 |
| Ivanti | Neurons For Secure Access | < 22.8 | — |
| Ivanti | Neurons For Secure Access | 22.8 | R1 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-5468?
How severe is CVE-2025-5468?
How do I fix CVE-2025-5468?
Are you affected by CVE-2025-5468?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST