CVE-2025-55146 - Vulnerability Details - OpenCVE

An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ivanti	Connect Secure Neurons For Secure Access Policy Secure Zta Gateway

No data.

No data.

References

Link	Providers
https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US

History

Tue, 09 Sep 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ivanti Ivanti connect Secure Ivanti neurons For Secure Access Ivanti policy Secure Ivanti zta Gateway
Vendors & Products		Ivanti Ivanti connect Secure Ivanti neurons For Secure Access Ivanti policy Secure Ivanti zta Gateway

Tue, 09 Sep 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.
Weaknesses		CWE-252
References		https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: ivanti

Published: 2025-09-09T15:28:10.038Z

Updated: 2025-09-09T17:32:12.057Z

Reserved: 2025-08-07T16:15:48.897Z

Link: CVE-2025-55146

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-09-09T16:15:34.890

Modified: 2025-09-09T16:28:43.660

Link: CVE-2025-55146

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-55146", "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "state": "PUBLISHED", "assignerShortName": "ivanti", "dateReserved": "2025-08-07T16:15:48.897Z", "datePublished": "2025-09-09T15:28:10.038Z", "dateUpdated": "2025-09-09T17:32:12.057Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Connect Secure", "vendor": "Ivanti", "versions": [{"status": "unaffected", "version": "22.7R2.9"}, {"status": "unaffected", "version": "22.8R2"}]}, {"defaultStatus": "affected", "product": "Policy Secure", "vendor": "Ivanti", "versions": [{"status": "unaffected", "version": "22.7R1.6"}]}, {"defaultStatus": "affected", "product": "ZTA Gateway", "vendor": "Ivanti", "versions": [{"status": "unaffected", "version": "2.8R2.3-723"}]}, {"defaultStatus": "affected", "product": "Neurons for Secure Access", "vendor": "Ivanti", "versions": [{"status": "unaffected", "version": "22.8R1.4 (Fix deployed on 02-Aug-2025)"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.</span><br>"}], "value": "An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service."}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469: HTTP DoS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-252", "description": "CWE-252 Unchecked Return Value", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "shortName": "ivanti", "dateUpdated": "2025-09-09T15:28:10.038Z"}, "references": [{"url": "https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-09T16:05:43.077332Z", "id": "CVE-2025-55146", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-09T17:32:12.057Z"}}]}}