CVE-2025-55141
Published: 09 September 2025
Summary
CVE-2025-55141 is a high-severity Missing Authorization (CWE-862) vulnerability in Ivanti Connect Secure. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Modify Authentication Process (T1556); ranked in the top 13.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces least privilege by ensuring read-only admin accounts cannot modify authentication settings, directly preventing exploitation of missing authorization.
Restricts access to configuration changes, including authentication settings, to authorized users only, mitigating unauthorized modifications by read-only admins.
Requires enforcement mechanisms for approved authorizations, addressing the lack of checks that allowed read-only admins to configure authentication settings.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing authorization on authentication configuration directly enables adversaries to modify authentication processes (T1556) to weaken mechanisms and facilitate further access.
NVD Description
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin…
more
privileges to configure authentication related settings.
Deeper analysisAI
CVE-2025-55141 is a missing authorization vulnerability (CWE-862) present in Ivanti Connect Secure prior to versions 22.7R2.9 or 22.8R2, Ivanti Policy Secure prior to 22.7R1.6, Ivanti ZTA Gateway prior to 2.8R2.3-723, and Ivanti Neurons for Secure Access prior to 22.8R1.4. Published on September 9, 2025, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts stemming from inadequate access controls on authentication configuration features.
The vulnerability can be exploited by a remote authenticated attacker possessing read-only admin privileges, who can then modify authentication-related settings without proper authorization. This access enables alterations that could compromise the security posture of the affected gateways, such as weakening authentication mechanisms and facilitating further unauthorized actions within the environment.
Ivanti's security advisory details patches for the vulnerable products, recommending immediate upgrades to the specified fixed versions. For Ivanti Neurons for Secure Access, a fix was deployed on August 2, 2025. Full mitigation guidance and additional context on multiple related CVEs are provided in the official advisory at https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US.
Details
- CWE(s)