Ivanti Connect Secure
Moderate fix2 remedies
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*
Moderate fix2 remedies
- <= 22.7R2.7
- <= 22.8R2
Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access Symbolic Link Vulnerability Allowing Arbitrary File Read
Vulnerability
Patched
A vulnerability exists in Ivanti Connect Secure (ICS) versions prior to 22.7R2.8 or 22.8R2, Ivanti Policy Secure (IPS) versions prior to 22.7R1.5, Ivanti ZTA Gateway versions prior to 22.8R2.3-723, and Ivanti Neurons for Secure Access versions prior to 22.8R1.4. This vulnerability arises from improper handling of symbolic links, which allows a local authenticated attacker to read arbitrary files from the disk.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the system.
Remediation
Users of Ivanti Connect Secure should update to version 22.7R2.8 or 22.8R2. Users of Ivanti Policy Secure should update to version 22.7R1.5. Ivanti ZTA Gateway users should update to version 22.8R2.3-723, available in the controller for download. For Ivanti Neurons for Secure Access, the fix has been applied to cloud environments as of August 2, 2025.
Added: Aug 12, 2025, 3:37 PM
Updated: Aug 12, 2025, 3:37 PM
Vulnerability Rating
Custom Algorithm
spread
3.4impact
2.5exploitability
4.0remediation
7.7relevance
0.3threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.