CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-55139

SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.6%

CVSS Severity

CVSS v3 Score 6.8

References

https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US

Products affected by CVE-2025-55139

Ivanti » Connect Secure » Version: N/A

cpe:2.3:a:ivanti:connect_secure:-
Ivanti » Connect Secure » Version: 21.12

cpe:2.3:a:ivanti:connect_secure:21.12
Ivanti » Connect Secure » Version: 21.9

cpe:2.3:a:ivanti:connect_secure:21.9
Ivanti » Connect Secure » Version: 22.1

cpe:2.3:a:ivanti:connect_secure:22.1
Ivanti » Connect Secure » Version: 22.2

cpe:2.3:a:ivanti:connect_secure:22.2
Ivanti » Connect Secure » Version: 22.3

cpe:2.3:a:ivanti:connect_secure:22.3
Ivanti » Connect Secure » Version: 22.4

cpe:2.3:a:ivanti:connect_secure:22.4
Ivanti » Connect Secure » Version: 22.5

cpe:2.3:a:ivanti:connect_secure:22.5
Ivanti » Connect Secure » Version: 22.6

cpe:2.3:a:ivanti:connect_secure:22.6
Ivanti » Connect Secure » Version: 22.7

cpe:2.3:a:ivanti:connect_secure:22.7
Ivanti » Connect Secure » Version: 7.1

cpe:2.3:a:ivanti:connect_secure:7.1
Ivanti » Connect Secure » Version: 7.4

cpe:2.3:a:ivanti:connect_secure:7.4
Ivanti » Connect Secure » Version: 8.0

cpe:2.3:a:ivanti:connect_secure:8.0
Ivanti » Connect Secure » Version: 8.1

cpe:2.3:a:ivanti:connect_secure:8.1
Ivanti » Connect Secure » Version: 8.2

cpe:2.3:a:ivanti:connect_secure:8.2
Ivanti » Connect Secure » Version: 8.3

cpe:2.3:a:ivanti:connect_secure:8.3
Ivanti » Connect Secure » Version: 9.0

cpe:2.3:a:ivanti:connect_secure:9.0
Ivanti » Connect Secure » Version: 9.1

cpe:2.3:a:ivanti:connect_secure:9.1
Ivanti » Neurons For Secure Access » Version: 21.12

cpe:2.3:a:ivanti:neurons_for_secure_access:21.12
Ivanti » Neurons For Secure Access » Version: 21.9

cpe:2.3:a:ivanti:neurons_for_secure_access:21.9
Ivanti » Neurons For Secure Access » Version: 22.1

cpe:2.3:a:ivanti:neurons_for_secure_access:22.1
Ivanti » Neurons For Secure Access » Version: 22.2

cpe:2.3:a:ivanti:neurons_for_secure_access:22.2
Ivanti » Neurons For Secure Access » Version: 22.3

cpe:2.3:a:ivanti:neurons_for_secure_access:22.3
Ivanti » Neurons For Secure Access » Version: 22.4

cpe:2.3:a:ivanti:neurons_for_secure_access:22.4
Ivanti » Neurons For Secure Access » Version: 22.5

cpe:2.3:a:ivanti:neurons_for_secure_access:22.5
Ivanti » Neurons For Secure Access » Version: 22.6

cpe:2.3:a:ivanti:neurons_for_secure_access:22.6
Ivanti » Neurons For Secure Access » Version: 22.7

cpe:2.3:a:ivanti:neurons_for_secure_access:22.7
Ivanti » Neurons For Secure Access » Version: 22.8

cpe:2.3:a:ivanti:neurons_for_secure_access:22.8
Ivanti » Policy Secure » Version: N/A

cpe:2.3:a:ivanti:policy_secure:-
Ivanti » Policy Secure » Version: 22.1

cpe:2.3:a:ivanti:policy_secure:22.1
Ivanti » Policy Secure » Version: 22.2

cpe:2.3:a:ivanti:policy_secure:22.2
Ivanti » Policy Secure » Version: 22.3

cpe:2.3:a:ivanti:policy_secure:22.3
Ivanti » Policy Secure » Version: 22.4

cpe:2.3:a:ivanti:policy_secure:22.4
Ivanti » Policy Secure » Version: 22.5

cpe:2.3:a:ivanti:policy_secure:22.5
Ivanti » Policy Secure » Version: 22.6

cpe:2.3:a:ivanti:policy_secure:22.6
Ivanti » Policy Secure » Version: 22.7

cpe:2.3:a:ivanti:policy_secure:22.7
Ivanti » Policy Secure » Version: 9.0

cpe:2.3:a:ivanti:policy_secure:9.0
Ivanti » Policy Secure » Version: 9.1

cpe:2.3:a:ivanti:policy_secure:9.1
Ivanti » Zero Trust Access Gateway » Version: 22.8

cpe:2.3:a:ivanti:zero_trust_access_gateway:22.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-55139

Products

Pricing

Contact Us