Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access Missing Authorization Vulnerability

Vulnerability

A missing authorization vulnerability has been identified in multiple Ivanti products, including Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. This vulnerability affects several different versions and stems from inadequate authorization checks, allowing remote authenticated attackers with read-only admin privileges to modify authentication-related settings. The issue has been addressed in recent updates.

Impact

Exploitation of this vulnerability allows remote authenticated attackers with read-only admin privileges to configure authentication-related settings, potentially leading to unauthorized access or modifications within the application.

Remediation

Users of Ivanti Connect Secure should update to version 22.7R2.9 or 22.8R2. Users of Ivanti Policy Secure should update to version 22.7R1.5. Version 22.8R2.3-723 is available for ZTA Gateways. For Neurons for Secure Access, the fix has been applied to cloud environments.

Added: Sep 9, 2025, 4:23 PM
Updated: Sep 9, 2025, 4:38 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 5.0
exploitability: 5.4
remediation: 7.9
relevance: 0.5
threat: 0.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.