Critical Vulnerability in Ivanti Connect Secure (CVE-2025-55147)

Executive Summary

On September 9th, Ivanti published an advisory detailing multiple security vulnerabilities found in their Connect Secure, Policy Secure, ZTA Gateway, and Neurons products. The advisory covers multiple vulnerabilities, the most critical of which is CVE-2025-55147. That vulnerability is a cross-site request forgery (CSRF) bug that allows an unauthenticated threat actor to execute sensitive actions on behalf of a victim user. Successful exploitation requires user interaction from the victim.

Connect Secure is a VPN product, which organizations normally deploy as internet-facing by design. This heightens the risk, as a successful exploit would grant a threat actor initial access to an organization’s internal network.

This vulnerability was found and reported to Ivanti through a legitimate responsible disclosure program, and Ivanti has reported no currently known instances of active exploitation in the wild.

Security fixes were developed and released with the advisory, and Beazley Security strongly recommends affected organizations update their systems as soon as possible.

Affected Systems or Products

Products                    Affected              Unaffected
Ivanti Connect Secure       22.7R2.8 and prior    22.7R2.9 or 22.8R2
Ivanti Policy Secure        22.7R1.4 and prior    22.7R1.5
ZTA Gateways                22.8R2.2              22.8R2.3-723
Neurons for Secure Access   22.8R1.3 and prior    22.8R1.4

Mitigations / Workarounds

There are no recommended mitigations or workarounds for CVE-2025-55147.

The advisory does, however, report that for the other vulnerabilities covered in the advisory, risk can be partially mitigated by ensuring the administration portal is not exposed to the internet.

Patches

Security fixes were released with the advisory and can be retrieved via normal product upgrade methods. Ivanti has further details at https://portal.ivanti.com.

Technical Details

Technical specifics for the software bug that caused CVE-2025-55147 have not been publicly released, but this general type of vulnerability (CSRF) is well documented. A CSRF bug allows a threat actor to execute system functions on behalf of a targeted, currently logged-in user.

The threat actor typically needs to redirect the victim’s browser, so this type of exploit commonly involves a social engineering aspect that tricks the target user into clicking a link or viewing an attacker-controlled web page. That link or web page would contain a payload that redirects the victim’s browser to the vulnerable appliance and attempts to execute device functionality on behalf of the victim account.
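As an added illustration of the CSRF class described above (example code written for this page, not Ivanti’s code and not derived from the advisory): a minimal Python model of a state-changing request handler in its CSRF-prone form beside a hardened form that checks the Origin/Referer header and a per-session synchronizer token. The appliance origin, the request dictionary layout and all function names are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Assumed origin of the appliance's web interface (example value, not from the advisory).
APPLIANCE_ORIGIN = "https://vpn.example.internal"

def issue_csrf_token(session: dict) -> str:
    """Synchronizer-token pattern: bind a fresh random token to the server-side session;
    pages served by the appliance embed it in every state-changing form."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def vulnerable_is_allowed(request: dict, session: dict) -> bool:
    """CSRF-prone pattern: accept any request whose session cookie is valid. The browser
    attaches cookies automatically, so a form auto-submitted from an attacker-controlled
    page arrives with the victim's cookie and passes this check."""
    return request.get("cookie_session_id") == session.get("id")

def hardened_is_allowed(request: dict, session: dict) -> bool:
    """Same session check plus two independent CSRF defences, failing closed:
    1. Origin (or Referer) must match the appliance's own origin.
    2. The request must carry the per-session token, which only a same-origin page
       served by the appliance could have read and submitted."""
    if request.get("cookie_session_id") != session.get("id"):
        return False
    headers = request.get("headers", {})
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # no provenance header: reject the state-changing request
    parsed = urlparse(source)
    if f"{parsed.scheme}://{parsed.netloc}" != APPLIANCE_ORIGIN:
        return False
    expected = session.get("csrf_token") or ""
    submitted = request.get("form", {}).get("csrf_token", "")
    # Constant-time comparison so the token check does not leak timing information.
    return bool(expected) and hmac.compare_digest(expected.encode(), submitted.encode())

def demo() -> tuple:
    """Constructed sample requests: one from the appliance's own page, one forged cross-site."""
    session = {"id": "sess-123"}
    token = issue_csrf_token(session)
    legit = {"cookie_session_id": "sess-123",
             "headers": {"Origin": APPLIANCE_ORIGIN}, "form": {"csrf_token": token}}
    forged = {"cookie_session_id": "sess-123",  # cookie added by the browser, not the attacker
              "headers": {"Origin": "https://attacker.example"}, "form": {}}
    return (vulnerable_is_allowed(forged, session),   # True: forged request accepted
            hardened_is_allowed(forged, session),     # False: blocked by origin + token checks
            hardened_is_allowed(legit, session))      # True: legitimate request still works
```

Real deployments layer these checks with SameSite cookie attributes and the browser’s Sec-Fetch-Site header; the point here is that a valid session cookie alone proves nothing about which page originated the request.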

How Beazley Security is Responding

Beazley Security is monitoring client perimeter devices through our Karma product to identify impacted devices and support organizations in remediation of any issues found.

We are also conducting threat hunts across our MDR environment to detect potential exploitation attempts against our clients.
