CVE-2025-55147
Published: 09 September 2025
Summary
CVE-2025-55147 is a high-severity CSRF (CWE-352) vulnerability in Ivanti Connect Secure. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and IA-11 (Re-authentication).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SC-23 requires mechanisms like anti-CSRF tokens to protect session authenticity, directly preventing forged requests that exploit this CSRF vulnerability.
IA-11 mandates re-authentication for sensitive actions, blocking CSRF exploitation of victim sessions without additional credentials.
SI-10 enforces validation of information inputs, including CSRF tokens in requests, to mitigate forged state-changing actions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CSRF in public-facing Ivanti remote access gateway directly enables remote exploitation of the application (T1190) via crafted links or pages to perform unauthorized privileged actions.
NVD Description
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions…
more
on behalf of the victim user. User interaction is required
Deeper analysisAI
CVE-2025-55147 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, affecting multiple Ivanti products. It impacts Ivanti Connect Secure versions before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
A remote unauthenticated attacker can exploit this CSRF flaw by tricking an authenticated victim user into performing an unintended action, such as clicking a malicious link or visiting a crafted webpage. User interaction is required for successful exploitation. Upon success, the attacker can execute sensitive actions on behalf of the victim, potentially leading to unauthorized access, data modification, or other administrative privileges within the affected Ivanti gateways.
Ivanti's September Security Advisory details patches for this and related CVEs, recommending immediate upgrades to the fixed versions: Ivanti Connect Secure 22.7R2.9 or 22.8R2, Ivanti Policy Secure 22.7R1.6, Ivanti ZTA Gateway 2.8R2.3-723, and Ivanti Neurons for Secure Access 22.8R1.4 (with a fix deployed on 2025-08-02). Additional mitigation guidance is available at https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US.
Details
- CWE(s)