Ivanti released its security bulletin for September, addressing 13 vulnerabilities. The vulnerabilities impact Ivanti Endpoint Manager, Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access.
According to the Ivanti advisory, there is no evidence that any of the vulnerabilities is being exploited in the wild.
CVE-2025-9712 & CVE-2025-9872
Both vulnerabilities have a high severity rating with a CVSS score of 8.8. Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 may allow a remote unauthenticated attacker to achieve remote code execution. User interaction is required for successful exploitation of the vulnerability.
CVE-2025-55145
The vulnerability has a high severity rating with a CVSS score of 8.9. A missing authorization flaw impacts Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. Successful exploitation of the vulnerability may allow a remote authenticated attacker to hijack existing HTML5 connections.
CVE-2025-55147
The vulnerability has a high severity rating with a CVSS score of 8.8. A Cross-Site Request Forgery flaw impacts Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. Upon successful exploitation, a remote unauthenticated attacker may execute sensitive actions on behalf of the victim user. User interaction is required for successful exploitation of the vulnerability.
CVE-2025-55141 & CVE-2025-55142
Both vulnerabilities have a high severity rating with a CVSS score of 8.8. A missing authorization flaw impacts Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. Successful exploitation of the vulnerabilities allows a remote authenticated attacker with read-only admin privileges to configure authentication-related settings.
CVE-2025-55148
The vulnerability has a high severity rating with a CVSS score of 7.6. A missing authorization flaw impacts Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. A remote authenticated attacker with read-only admin privileges can configure restricted settings upon successful exploitation.
CVE-2025-55139
The vulnerability has a medium severity rating with a CVSS score of 6.8. A Server-Side Request Forgery (SSRF) flaw impacts Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. A remote authenticated attacker with admin privileges can enumerate internal services upon successful exploitation.
CVE-2025-55143
The vulnerability has a medium severity rating with a CVSS score of 6.1. A reflected text injection flaw impacts Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. Upon successful exploitation, a remote unauthenticated attacker can inject arbitrary text into a crafted HTTP response. User interaction is required for successful exploitation of the vulnerability.
CVE-2025-8712
The vulnerability has a medium severity rating with a CVSS score of 5.4. A missing authorization flaw impacts Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. Upon successful exploitation, a remote authenticated attacker with read-only admin privileges can configure restricted settings.
CVE-2025-8711
The vulnerability has a medium severity rating with a CVSS score of 5.4. A cross-site request forgery flaw impacts Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required for successful exploitation of the vulnerability.
CVE-2025-55144
The vulnerability has a medium severity rating with a CVSS score of 5.4. A missing authorization flaw impacts Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. Successful exploitation of the vulnerability may allow a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Affected and Patched Versions
| Product Name | Affected Versions | Patched Versions |
|---|---|---|
| Ivanti Endpoint Manager | 2022 SU8 Security Update 1 and prior | 2022 SU8 Security Release 2 |
| Ivanti Endpoint Manager | 2024 SU3 and prior | 2024 SU3 Security Release 1 |
| Ivanti Connect Secure | 22.7R2.8 and prior | 22.7R2.9 OR 22.8R2 |
| Ivanti Policy Secure | 22.7R1.5 and prior | 22.7R1.6 |
| ZTA Gateways | 22.8R2.2 | 22.8R2.3-723 |
| Neurons for Secure Access | 22.8R1.3 and prior | 22.8R1.4 |
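A version-triage script that applies the table above to an appliance inventory, as an added example (not Qualys or Ivanti code); it assumes the `<major>.<minor>R<release>.<patch>[-<build>]` version scheme used by Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access, and leaves Endpoint Manager out because its release naming differs.

```python
"""Triage Ivanti ICS/IPS/ZTA/nSA versions against the September 2025 table above.
Added example (not Qualys/Ivanti code); EPM is omitted because its "2024 SU3 SR1"
naming does not follow the <major>.<minor>R<release>.<patch>[-<build>] scheme."""
import re
from typing import Tuple

# (affected through, [fixed releases]) per product, copied from the advisory table.
# Assumption: the table names only 22.8R2.2 for ZTA Gateways; builds below it are
# treated as affected here (conservative), which the table itself does not state.
ADVISORY = {
    "Ivanti Connect Secure": ("22.7R2.8", ["22.7R2.9", "22.8R2"]),
    "Ivanti Policy Secure": ("22.7R1.5", ["22.7R1.6"]),
    "ZTA Gateways": ("22.8R2.2", ["22.8R2.3-723"]),
    "Neurons for Secure Access": ("22.8R1.3", ["22.8R1.4"]),
}
_VER_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?(?:-(\d+))?$")


def parse_version(text: str) -> Tuple[int, ...]:
    """'22.8R2.3-723' -> (22, 8, 2, 3, 723); a missing patch or build counts as 0."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def triage(product: str, version: str) -> str:
    """Return 'affected', 'patched' or 'unknown' for one inventoried appliance."""
    cutoff, fixes = ADVISORY[product]
    v = parse_version(version)
    if v <= parse_version(cutoff):
        return "affected"
    # A fixed release only covers its own <major>.<minor> branch: 22.8R1.x is not
    # fixed by 22.7R2.9, and the table does not say whether that branch is affected.
    for fix in fixes:
        f = parse_version(fix)
        if v[:2] == f[:2] and v >= f:
            return "patched"
    return "unknown"  # not covered by the table: check the Ivanti advisory directly


if __name__ == "__main__":
    # Constructed inventory rows, not real hosts.
    for host, product, ver in [("ics-01", "Ivanti Connect Secure", "22.7R2.8"),
                               ("zta-01", "ZTA Gateways", "22.8R2.3-723")]:
        print(f"{host:8} {product:26} {ver:14} {triage(product, ver)}")
```

Anything reported as "unknown" (for example a Connect Secure 22.8R1.x build, which sits between the listed cutoff and the 22.8R2 fix) should be checked against the Ivanti advisory rather than assumed safe.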
For more information, please refer to the Ivanti Security Advisories.
Qualys Detection
Qualys customers can scan their devices with QIDs 733161 and 733163 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://forums.ivanti.com/s/article/Security-Advisory-September-2025-for-Ivanti-EPM-2024-SU3-and-EPM-2022-SU8?language=en_US
https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US&_gl=1*1qims4n*_gcl_au*MTI1ODIyMTgzOC4xNzU2ODA3OTMy