CVE-2025-55139

EPSS 0.58%
Veröffentlicht 09.09.2025 15:41:16
Zuletzt bearbeitet 24.09.2025 19:50:14
Quelle 3c1d8aa1-5a33-4ea4-8992-aadd64
CVE-Watchlists
Login
Unerledigt
Login

SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 31 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ivanti ≫ Connect Secure Version < 22.7

Ivanti ≫ Connect Secure Version22.7 Update-

Ivanti ≫ Connect Secure Version22.7 Updater1

Ivanti ≫ Connect Secure Version22.7 Updater1.1

Ivanti ≫ Connect Secure Version22.7 Updater1.2

Ivanti ≫ Connect Secure Version22.7 Updater1.3

Ivanti ≫ Connect Secure Version22.7 Updater1.4

Ivanti ≫ Connect Secure Version22.7 Updater1.5

Ivanti ≫ Connect Secure Version22.7 Updater2

Ivanti ≫ Connect Secure Version22.7 Updater2.1

Ivanti ≫ Connect Secure Version22.7 Updater2.2

Ivanti ≫ Connect Secure Version22.7 Updater2.3

Ivanti ≫ Connect Secure Version22.7 Updater2.4

Ivanti ≫ Connect Secure Version22.7 Updater2.5

Ivanti ≫ Connect Secure Version22.7 Updater2.6

Ivanti ≫ Connect Secure Version22.7 Updater2.7

Ivanti ≫ Connect Secure Version22.7 Updater2.8

Ivanti ≫ Policy Secure Version < 22.7

Ivanti ≫ Policy Secure Version22.7 Update-

Ivanti ≫ Policy Secure Version22.7 Updater1

Ivanti ≫ Policy Secure Version22.7 Updater1.1

Ivanti ≫ Policy Secure Version22.7 Updater1.2

Ivanti ≫ Policy Secure Version22.7 Updater1.3

Ivanti ≫ Policy Secure Version22.7 Updater1.4

Ivanti ≫ Policy Secure Version22.7 Updater1.5

Ivanti ≫ Zero Trust Access Gateway Version22.8 Updater2.2

Ivanti ≫ Neurons For Secure Access Version < 22.8

Ivanti ≫ Neurons For Secure Access Version22.8 Updater1

Ivanti ≫ Neurons For Secure Access Version22.8 Updater1.1

Ivanti ≫ Neurons For Secure Access Version22.8 Updater1.2

Ivanti ≫ Neurons For Secure Access Version22.8 Updater1.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.69

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
3c1d8aa1-5a33-4ea4-8992-aadd6440af75	6.8	2.3	4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-55139

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55139

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55139

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-55139