Introduction
A remote attacker with only read-only administrative access can reconfigure authentication on your Ivanti Connect Secure or Policy Secure appliance. This is not a hypothetical risk: the flaw allows privilege escalation and direct tampering with authentication mechanisms that should be tightly controlled in any enterprise environment.
Ivanti is a major provider of secure remote access, network policy enforcement, and zero trust solutions. Their Connect Secure (formerly Pulse Secure), Policy Secure, ZTA Gateway, and Neurons for Secure Access platforms are widely deployed in government, healthcare, and critical infrastructure. With a global customer base and a history of critical vulnerabilities, Ivanti products are a frequent target for advanced threat actors.
Technical Information
CVE-2025-55142 is a missing authorization vulnerability (CWE-862) in the administrative interfaces of several Ivanti security products. The flaw allows a remote authenticated attacker with read-only administrative privileges to modify authentication-related settings. This includes configuration parameters for password policies, multi-factor authentication, and external identity provider integration.
The vulnerability exists because the affected products do not properly enforce privilege checks in the code paths responsible for authentication configuration. Instead of restricting these actions to fully privileged administrators, the system allows users with read-only admin roles to perform sensitive changes. This violates the intended access control model and enables privilege escalation within the administrative interface.
The vulnerability is remotely exploitable by any authenticated user with read-only admin access. No public exploit details or code snippets are available. The issue is present in both the web-based administrative UI and likely in associated management APIs.
Affected Systems and Versions
- Ivanti Connect Secure: all versions before 22.7R2.9 or 22.8R2
- Ivanti Policy Secure: all versions before 22.7R1.6
- Ivanti ZTA Gateway: all versions before 2.8R2.3-723
- Ivanti Neurons for Secure Access: all versions before 22.8R1.4
Any configuration where read-only admin accounts exist is vulnerable if running an affected version.
Vendor Security History
Ivanti has experienced multiple critical vulnerabilities in 2025, including:
- CVE-2025-22457: Stack-based buffer overflow in Connect Secure, exploited by UNC5221
- CVE-2025-0282 and CVE-2025-0283: Remote code execution and privilege escalation in Connect Secure, Policy Secure, and ZTA
- CVE-2025-4427 and CVE-2025-4428: Zero-days in Endpoint Manager Mobile, also exploited in the wild
Ivanti has accelerated its patch release cycle and improved advisory transparency, but the recurrence of authorization and memory safety flaws indicates ongoing architectural and process challenges.