Ivanti Connect Secure 22.7 R2.8
Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:connect_secure:22.7:r2.8:*:*:*:*:*:*
part: a version: 22.7 update: r2.8
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Connect Secure (61f5b622-21c4-5d14-b120-bd5f32132cfb) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-8712 |
vulnerable | 2026-06-03 15:13:44.584971 |
Details available
MEDIUM (5.4)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:12:38.985Z
Updated: 2025-09-10T17:25:48.443Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-8711 |
vulnerable | 2026-06-03 15:13:44.569904 |
Details available
MEDIUM (5.4)
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required.
Published: 2025-09-09T15:17:25.292Z
Updated: 2025-09-09T17:32:23.793Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55148 |
vulnerable | 2026-06-03 15:04:57.767130 |
Details available
HIGH (7.6)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:37:45.415Z
Updated: 2025-09-09T17:31:58.340Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55147 |
vulnerable | 2026-06-03 15:04:57.765204 |
Details available
HIGH (8.8)
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required
Published: 2025-09-09T15:32:25.940Z
Updated: 2026-02-26T17:49:03.552Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55146 |
vulnerable | 2026-06-03 15:04:57.763015 |
Details available
MEDIUM (4.9)
An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.
Published: 2025-09-09T15:28:10.038Z
Updated: 2025-09-09T17:32:12.057Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55145 |
vulnerable | 2026-06-03 15:04:57.761252 |
Details available
HIGH (8.9)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections.
Published: 2025-09-09T15:22:05.340Z
Updated: 2026-02-26T17:49:03.893Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55144 |
vulnerable | 2026-06-03 15:04:57.742024 |
Details available
MEDIUM (5.4)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:55:30.629Z
Updated: 2025-09-09T17:31:23.981Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55143 |
vulnerable | 2026-06-03 15:04:57.740406 |
Details available
MEDIUM (6.1)
Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required.
Published: 2025-09-09T15:52:50.837Z
Updated: 2025-09-09T17:31:30.593Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55142 |
vulnerable | 2026-06-03 15:04:57.738467 |
Details available
HIGH (8.8)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Published: 2025-09-09T15:49:20.192Z
Updated: 2026-02-26T17:49:02.701Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55141 |
vulnerable | 2026-06-03 15:04:57.736459 |
Details available
HIGH (8.8)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Published: 2025-09-09T15:45:52.822Z
Updated: 2026-02-26T17:49:02.944Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55139 |
vulnerable | 2026-06-03 15:04:57.724979 |
Details available
MEDIUM (6.8)
SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.
Published: 2025-09-09T15:41:16.568Z
Updated: 2025-09-09T17:31:52.640Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.