Ivanti Connect Secure CVE-2025-55142 Authorization Bypass: Brief Summary and Technical Review

A brief summary of CVE-2025-55142, a high-severity authorization bypass in Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. This post covers affected versions, technical details, and vendor security history based on available public sources.

ZeroPath CVE Analysis

2025-09-09

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.


Introduction

A remote attacker with only read-only administrative access can reconfigure authentication on your Ivanti Connect Secure or Policy Secure appliance. This is not a hypothetical risk: the flaw allows privilege escalation and direct tampering with authentication mechanisms that should be tightly controlled in any enterprise environment.

Ivanti is a major provider of secure remote access, network policy enforcement, and zero trust solutions. Their Connect Secure (formerly Pulse Secure), Policy Secure, ZTA Gateway, and Neurons for Secure Access platforms are widely deployed in government, healthcare, and critical infrastructure. With a global customer base and a history of critical vulnerabilities, Ivanti products are a frequent target for advanced threat actors.

Technical Information

CVE-2025-55142 is a missing authorization vulnerability (CWE-862) in the administrative interfaces of several Ivanti security products. The flaw allows a remote authenticated attacker with read-only administrative privileges to modify authentication-related settings. This includes configuration parameters for password policies, multi-factor authentication, and external identity provider integration.

The vulnerability exists because the affected products do not properly enforce privilege checks in the code paths responsible for authentication configuration. Instead of restricting these actions to fully privileged administrators, the system allows users with read-only admin roles to perform sensitive changes. This violates the intended access control model and enables privilege escalation within the administrative interface.

The vulnerability is remotely exploitable by any authenticated user with read-only admin access. No public exploit details or code snippets are available. The issue is present in both the web-based administrative UI and likely in associated management APIs.

Affected Systems and Versions

  • Ivanti Connect Secure: all versions before 22.7R2.9 or 22.8R2
  • Ivanti Policy Secure: all versions before 22.7R1.6
  • Ivanti ZTA Gateway: all versions before 2.8R2.3-723
  • Ivanti Neurons for Secure Access: all versions before 22.8R1.4

Any configuration where read-only admin accounts exist is vulnerable if running an affected version.
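As an added example (not code from Ivanti or from the original post), the fixed-release list above can be turned into a version check for an appliance inventory. The parsing rules, the per-train reading of "22.7R2.9 or 22.8R2", and the sample hostnames and running versions are assumptions.

```python
import re

# Fixed releases as listed in the "Affected Systems and Versions" section.
FIXED = {
    "Ivanti Connect Secure": ["22.7R2.9", "22.8R2"],
    "Ivanti Policy Secure": ["22.7R1.6"],
    "Ivanti ZTA Gateway": ["2.8R2.3-723"],
    "Ivanti Neurons for Secure Access": ["22.8R1.4"],
}

_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?(?:-(\d+))?$")

def parse_version(text):
    """Turn '22.7R2.9' or '2.8R2.3-723' into a comparable 5-tuple."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # Missing patch or build fields compare as 0 (assumption).
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def is_affected(product, version):
    """Return True if `version` is older than the fix that applies to it."""
    v = parse_version(version)
    fixes = [parse_version(f) for f in FIXED[product]]
    # Prefer the fix from the same major.minor train (assumption about how
    # "before 22.7R2.9 or 22.8R2" is meant to be read).
    same_train = [f for f in fixes if f[:2] == v[:2]]
    if same_train:
        return v < min(same_train)
    # No fix listed for this train: only clear it if it is at or past the
    # newest fixed release, otherwise report it as affected.
    return v < max(fixes)

def audit(inventory):
    """Map each (host, product, version) row to an affected verdict."""
    return {host: is_affected(product, version)
            for host, product, version in inventory}

if __name__ == "__main__":
    # Constructed inventory; hostnames and running versions are made up.
    sample = [
        ("vpn-a.example", "Ivanti Connect Secure", "22.7R2.8"),
        ("vpn-b.example", "Ivanti Connect Secure", "22.8R2"),
        ("zta-a.example", "Ivanti ZTA Gateway", "2.8R2.3-700"),
    ]
    for host, affected in audit(sample).items():
        print(f"{host}: {'AFFECTED' if affected else 'fixed'}")
```

A "fixed" verdict only covers the release level; hosts flagged as affected should also be reviewed for existing read-only admin accounts, since those are the precondition described above.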

Vendor Security History

Ivanti has experienced multiple critical vulnerabilities in 2025, including:

  • CVE-2025-22457: Stack-based buffer overflow in Connect Secure, exploited by UNC5221
  • CVE-2025-0282 and CVE-2025-0283: Remote code execution and privilege escalation in Connect Secure, Policy Secure, and ZTA
  • CVE-2025-4427 and CVE-2025-4428: Zero-days in Endpoint Manager Mobile, also exploited in the wild

Ivanti has accelerated its patch release cycle and improved advisory transparency, but the recurrence of authorization and memory safety flaws indicates ongoing architectural and process challenges.
