Cyber Resilience

CVE-2025-55141

High

Published: 09 September 2025

Published
09 September 2025
Modified
24 September 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0384 88.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-55141 is a high-severity Missing Authorization (CWE-862) vulnerability in Ivanti Connect Secure. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Modify Authentication Process (T1556); ranked in the top 11.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-55141 is a missing authorization vulnerability (CWE-862) present in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. The flaw permits unauthorized configuration changes to authentication settings despite the presence of access controls.

A remote authenticated attacker holding only read-only administrator privileges can exploit the issue over the network to modify authentication-related settings. Successful exploitation yields high impact to confidentiality, integrity, and availability, reflected in the CVSS 3.1 base score of 8.8.

The vendor advisory recommends applying the fixed releases, with the relevant patches deployed on 02-Aug-2025 for the listed products. The associated EPSS score remains low, with a current value of 0.0384 and a peak of 0.0398.

EU & UK References

Vulnerability details

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin…

more

privileges to configure authentication related settings.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1556 Modify Authentication Process Defense Impairment
Adversaries may modify authentication mechanisms and processes to access user credentials or enable otherwise unwarranted access to accounts.
Why these techniques?

Missing authorization on authentication configuration directly enables adversaries to modify authentication processes (T1556) to weaken mechanisms and facilitate further access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-55142Same product: Ivanti Connect Secure
CVE-2025-55145Same product: Ivanti Connect Secure
CVE-2025-55147Same product: Ivanti Connect Secure
CVE-2024-10644Same product: Ivanti Connect Secure
CVE-2025-0283Same product: Ivanti Connect Secure
CVE-2025-0282Same product: Ivanti Connect Secure
CVE-2025-22467Same product: Ivanti Connect Secure
CVE-2025-8310Same vendor: Ivanti
CVE-2024-13172Same vendor: Ivanti
CVE-2024-13167Same vendor: Ivanti

Affected Assets

ivanti
connect secure
22.7 · ≤ 22.7
ivanti
policy secure
22.7 · ≤ 22.7
ivanti
zero trust access gateway
22.8
ivanti
neurons for secure access
22.8 · ≤ 22.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces least privilege by ensuring read-only admin accounts cannot modify authentication settings, directly preventing exploitation of missing authorization.

prevent

Restricts access to configuration changes, including authentication settings, to authorized users only, mitigating unauthorized modifications by read-only admins.

prevent

Requires enforcement mechanisms for approved authorizations, addressing the lack of checks that allowed read-only admins to configure authentication settings.

References