cpe:2.3:a:ivanti:connect_secure:22.7:r2.6:*:*:*:*:*:*

part: a version: 22.7 update: r2.6

Vendor: Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129)
Product: Connect Secure (61f5b622-21c4-5d14-b120-bd5f32132cfb)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-8712 vulnerable 2026-06-03 15:13:44.584934 Details available
MEDIUM (5.4)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:12:38.985Z
Updated: 2025-09-10T17:25:48.443Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-8711 vulnerable 2026-06-03 15:13:44.567696 Details available
MEDIUM (5.4)
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required.
Published: 2025-09-09T15:17:25.292Z
Updated: 2025-09-09T17:32:23.793Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5468 vulnerable 2026-06-03 15:07:53.685217 Details available
MEDIUM (5.5)
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.
Published: 2025-08-12T15:05:23.222Z
Updated: 2025-08-12T18:58:34.165Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5466 vulnerable 2026-06-03 15:07:53.665027 Details available
MEDIUM (4.9)
XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.
Published: 2025-08-12T15:00:05.978Z
Updated: 2025-08-12T19:00:58.665Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5464 vulnerable 2026-06-03 15:07:53.663032 Details available
MEDIUM (6.5)
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.
Published: 2025-07-08T15:32:32.212Z
Updated: 2025-07-08T15:57:58.608Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5463 vulnerable 2026-06-03 15:07:53.655815 Details available
MEDIUM (5.5)
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.
Published: 2025-07-08T15:02:38.657Z
Updated: 2025-07-08T20:39:29.302Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5462 vulnerable 2026-06-03 15:07:53.653864 Details available
HIGH (7.5)
A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service.
Published: 2025-08-12T14:56:19.798Z
Updated: 2025-08-12T15:08:46.265Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5456 vulnerable 2026-06-03 15:07:53.637936 Details available
HIGH (7.5)
A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125
Published: 2025-08-12T14:50:46.329Z
Updated: 2025-08-12T15:05:53.651Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5451 vulnerable 2026-06-03 15:07:53.336252 Details available
MEDIUM (4.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.
Published: 2025-07-08T15:02:00.522Z
Updated: 2025-07-08T20:43:37.606Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5450 vulnerable 2026-06-03 15:07:53.326058 Details available
MEDIUM (6.3)
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.
Published: 2025-07-08T15:00:02.314Z
Updated: 2025-07-08T20:42:58.412Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55148 vulnerable 2026-06-03 15:04:57.767001 Details available
HIGH (7.6)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:37:45.415Z
Updated: 2025-09-09T17:31:58.340Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55147 vulnerable 2026-06-03 15:04:57.765057 Details available
HIGH (8.8)
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required.
Published: 2025-09-09T15:32:25.940Z
Updated: 2026-02-26T17:49:03.552Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55146 vulnerable 2026-06-03 15:04:57.762782 Details available
MEDIUM (4.9)
An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.
Published: 2025-09-09T15:28:10.038Z
Updated: 2025-09-09T17:32:12.057Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55145 vulnerable 2026-06-03 15:04:57.761105 Details available
HIGH (8.9)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections.
Published: 2025-09-09T15:22:05.340Z
Updated: 2026-02-26T17:49:03.893Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55144 vulnerable 2026-06-03 15:04:57.741988 Details available
MEDIUM (5.4)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:55:30.629Z
Updated: 2025-09-09T17:31:23.981Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55143 vulnerable 2026-06-03 15:04:57.740372 Details available
MEDIUM (6.1)
Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required.
Published: 2025-09-09T15:52:50.837Z
Updated: 2025-09-09T17:31:30.593Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55142 vulnerable 2026-06-03 15:04:57.738433 Details available
HIGH (8.8)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Published: 2025-09-09T15:49:20.192Z
Updated: 2026-02-26T17:49:02.701Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55141 vulnerable 2026-06-03 15:04:57.736298 Details available
HIGH (8.8)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Published: 2025-09-09T15:45:52.822Z
Updated: 2026-02-26T17:49:02.944Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55139 vulnerable 2026-06-03 15:04:57.723589 Details available
MEDIUM (6.8)
SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.
Published: 2025-09-09T15:41:16.568Z
Updated: 2025-09-09T17:31:52.640Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-0293 vulnerable 2026-06-03 14:58:32.012139 Details available
MEDIUM (6.6)
CRLF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
Published: 2025-07-08T15:33:05.165Z
Updated: 2025-07-08T16:02:46.037Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-0292 vulnerable 2026-06-03 14:58:32.007805 Details available
MEDIUM (5.5)
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.
Published: 2025-07-08T15:33:24.245Z
Updated: 2025-07-09T20:48:09.166Z
Imported from gcve-enriched-dumps CVE data
