Cyber Resilience

CVE-2025-55142

High

Published: 09 September 2025

Published
09 September 2025
Modified
24 September 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0384 88.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-55142 is a high-severity Missing Authorization (CWE-862) vulnerability in Ivanti Connect Secure. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 11.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

The vulnerability is a missing authorization flaw, tracked as CWE-862, that affects Ivanti Connect Secure prior to versions 22.7R2.9 or 22.8R2, Ivanti Policy Secure prior to 22.7R1.6, Ivanti ZTA Gateway prior to 2.8R2.3-723, and Ivanti Neurons for Secure Access prior to 22.8R1.4. It carries a CVSS 3.1 score of 8.8 and permits unauthorized changes to authentication settings.

A remote authenticated attacker holding only read-only administrator privileges can exploit the issue over the network to modify authentication-related configuration, resulting in high impact to confidentiality, integrity, and availability.

The September Security Advisory published by Ivanti details the affected products and confirms that fixes have been deployed, including on 02-Aug-2025 for Ivanti Neurons for Secure Access. The associated EPSS score remains low, with a current value of 0.0384 and a peak of 0.0398.

EU & UK References

Vulnerability details

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin…

more

privileges to configure authentication related settings.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1556 Modify Authentication Process Defense Impairment
Adversaries may modify authentication mechanisms and processes to access user credentials or enable otherwise unwarranted access to accounts.
Why these techniques?

Missing authorization (CWE-862) allows low-privileged authenticated admin to modify auth settings, directly enabling privilege escalation (T1068) and modification of authentication mechanisms (T1556).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-55141Same product: Ivanti Connect Secure
CVE-2025-55145Same product: Ivanti Connect Secure
CVE-2025-55147Same product: Ivanti Connect Secure
CVE-2025-0283Same product: Ivanti Connect Secure
CVE-2024-10644Same product: Ivanti Connect Secure
CVE-2025-22467Same product: Ivanti Connect Secure
CVE-2025-0282Same product: Ivanti Connect Secure
CVE-2025-8310Same vendor: Ivanti
CVE-2026-8110Same vendor: Ivanti
CVE-2024-13169Same vendor: Ivanti

Affected Assets

ivanti
connect secure
22.7 · ≤ 22.7
ivanti
policy secure
22.7 · ≤ 22.7
ivanti
zero trust access gateway
22.8
ivanti
neurons for secure access
22.8 · ≤ 22.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations, directly preventing read-only admins from configuring authentication settings.

prevent

Applies least privilege to ensure read-only admin accounts cannot modify sensitive authentication configurations.

prevent

Restricts access to mechanisms for changing system configurations, such as authentication settings, beyond read-only privileges.

References