📦

zero_trust_access_gateway

Vendor: ivanti

Actively Exploited 1 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 0 Remote Access

Total CVEs 33 Total Indexed

Avg. EPSS 9.89% Exploit Prob.

Latest CVE CVE-2025-8712 Sep 09

Security Vulnerability Index

Page 2 / 4

6.8 CVSS

CVE-2025-55139

SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.

EPSS: 0.77%

Severity: MEDIUM

Sep 09, 2025

5.5 CVSS

CVE-2025-5468

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.

EPSS: 0.08%

Severity: MEDIUM

Aug 12, 2025

4.9 CVSS

CVE-2025-5466

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service

EPSS: 1.04%

Severity: MEDIUM

Aug 12, 2025

7.5 CVSS

CVE-2025-5462

A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service.

EPSS: 0.58%

Severity: HIGH

Aug 12, 2025

7.5 CVSS

CVE-2025-5456

A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125

EPSS: 0.64%

Severity: HIGH

Aug 12, 2025

9.0 CVSS

CVE-2025-22457

Exploit Found

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

EPSS: 55.90%

Severity: CRITICAL

Apr 03, 2025

8.3 CVSS

CVE-2024-22024

Exploit Found

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

EPSS: 94.25%

Severity: HIGH

Feb 13, 2024

Displaying 7 of 33 Total Entries

1 2 3 4

Total 4 Sections