High

Missing Authorization in Ivanti Administrative Authentication Settings

IdentifiersCVE-2025-55142CWE-862· Missing Authorization

CVE-2025-55142 is a missing authorization vulnerability in the administrative interfaces of Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. The flaw stems from improper privilege enforcement in code paths that handle authentication-related configuration. As a result, a remote authenticated user holding only read-only administrative privileges can perform sensitive configuration changes that should be restricted to higher-privileged administrators. Based on the provided content, affected settings may include password policies, multi-factor authentication configuration, and external identity provider or authentication integration settings. The issue is present in the web-based administrative UI and may also affect associated management APIs.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a low-privileged administrative user to alter authentication-related settings, undermining the intended separation of duties within the administrative plane. This can enable effective privilege escalation within the management interface, weakening or changing authentication controls, interfering with MFA enforcement, modifying identity provider integrations, and potentially facilitating broader unauthorized administrative access or reducing the security posture of the appliance or service. The vulnerability affects security-sensitive infrastructure products, so compromise of authentication configuration could have downstream effects on access control and trust relationships.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict or eliminate read-only administrative accounts where operationally feasible, especially on internet-reachable management planes. Limit access to administrative interfaces to trusted management networks, enforce strong authentication for all admin roles, and monitor for unauthorized changes to authentication settings such as MFA policies, password policies, and external identity provider configuration. Review audit logs for configuration changes performed by low-privileged administrative accounts and temporarily apply stricter change-control around authentication configuration until upgrades are completed.

Remediation

Patch, then assume compromise.

Upgrade to a fixed version provided by Ivanti. According to the provided content, the issue is fixed in Ivanti Connect Secure 22.7R2.9 and 22.8R2 or later, Ivanti Policy Secure 22.7R1.6 or later, Ivanti ZTA Gateway 2.8R2.3-723 or later, and Ivanti Neurons for Secure Access 22.8R1.4 or later. Ivanti indicates a fix was deployed on 02-Aug-2025. Organizations should validate that all affected appliances and tenants are updated to the corrected release train and review administrative role assignments after patching.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

IvantiConnect Secureapplication

IvantiNeurons For Secure Accessapplication

IvantiPolicy Secureapplication

IvantiZero Trust Access Gatewayapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

zeropath blogNews

Sep 9, 2025

Ivanti Connect Secure CVE-2025-55142 Authorization Bypass: Brief Summary and Technical Review - ZeroPath Blog | ZeroPath

A missing authorization vulnerability in Ivanti administrative interfaces that allows a remote authenticated attacker with read-only administrative access to modify authentication-related settings, enabling privilege escalation and tampering with authentication controls.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity2