CVE-2025-55146
Last modified
CVE-2025-55146 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.. EPSS estimates a 0.74% chance of exploitation in the next 30 days.
Description
An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ivanti | Connect Secure | < 22.7 | — |
| Ivanti | Connect Secure | 22.7 | — |
| Ivanti | Policy Secure | < 22.7 | — |
| Ivanti | Policy Secure | 22.7 | — |
| Ivanti | Zero Trust Access Gateway | 22.8 | R2.2 |
| Ivanti | Neurons For Secure Access | < 22.8 | — |
| Ivanti | Neurons For Secure Access | 22.8 | R1 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-55146?
How severe is CVE-2025-55146?
How do I fix CVE-2025-55146?
Are you affected by CVE-2025-55146?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST