Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2025091208091515 | Publication Time | 2025/09/12 08:41 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/09/12 08:41 |
Impact Level | Low |
[Subject] 【Vulnerability Alert】Multiple critical cybersecurity vulnerabilities found in Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access
[Content]
● 【CVE-2025-55142, CVSS: 8.8】 This vulnerability is due to a lack of authorization mechanism in the affected devices, allowing an authenticated attacker with read-only administrator privileges to modify authentication-related configurations.
● 【CVE-2025-55145, CVSS: 8.9】 This vulnerability is due to a lack of authorization mechanism in the affected devices, allowing an authenticated remote attacker to hijack existing HTML5 connections.
● 【CVE-2025-55147, CVSS: 8.8】 This vulnerability is a CSRF flaw in the affected devices, allowing an authenticated remote attacker to perform sensitive operations on behalf of the victim user.
[Affected Platform]
● Ivanti Policy Secure versions 22.7R1.5 and earlier
● Ivanti ZTA Gateway versions 2.8R2.2 and earlier
● Ivanti Neurons for Secure Access versions 22.8R1.3 and earlier
[Recommended Actions]
● Ivanti Connect Secure 22.8R2
● Ivanti Policy Secure 22.7R1.6
● Ivanti ZTA Gateway 2.8R2.3-723
● Ivanti Neurons for Secure Access 22.8R1.4
[Reference]
1. https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs
2. CVE-2025-55141: https://nvd.nist.gov/vuln/detail/CVE-2025-55141
3. CVE-2025-55142: https://nvd.nist.gov/vuln/detail/CVE-2025-55142
4. CVE-2025-55145: https://nvd.nist.gov/vuln/detail/CVE-2025-55145
5. CVE-2025-55147: https://nvd.nist.gov/vuln/detail/CVE-2025-55147