Ivanti patches multiple Connect Secure and ZTA flaws enabling DoS and file read
Ivanti released security updates for Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access to fix four vulnerabilities, including two high-severity remote unauthenticated denial-of-service flaws tracked as CVE-2025-5456 and CVE-2025-5462. The bugs stem from memory-safety weaknesses including a buffer over-read and a heap-based buffer overflow that can be triggered through crafted network input, potentially crashing appliances that provide VPN, zero-trust, and access-control services. Ivanti said cloud instances of Neurons for Secure Access were remediated by August 2, 2025, while on-premises customers must apply the fixed releases.
The same advisory also addressed CVE-2025-5466, an authenticated administrator XXE issue that can cause denial of service, and CVE-2025-5468, a symbolic link handling flaw that could let a local authenticated attacker read arbitrary files. Ivanti said it had no evidence of customer exploitation before disclosure and that the issues were found through internal assessments and responsible disclosure, but the breadth of affected products increases operational risk for enterprises relying on Ivanti remote access infrastructure. The company also noted that Pulse Connect Secure 9.x no longer receives backported fixes because it has reached end of support.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Ivanti says no active exploitation was seen at disclosure
At the time of the August 12, 2025 disclosure, Ivanti said it was not aware of customers being exploited via the newly disclosed vulnerabilities. The company said the issues were found through internal security assessments or responsible disclosure.
Ivanti discloses four vulnerabilities in secure access products
On August 12, 2025, Ivanti disclosed four vulnerabilities affecting Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. The issues included two remote unauthenticated denial-of-service flaws, one admin XXE denial-of-service flaw, and one local authenticated arbitrary file-read flaw.
Ivanti ends engineering support for Pulse Connect Secure 9.x
Ivanti said Pulse Connect Secure 9.x reached End of Engineering in June 2024, meaning fixes are no longer backported to that product line.
Ivanti makes fixed versions available for four August CVEs
Ivanti stated that fixed versions for Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access were made available on August 2, 2025 to address four vulnerabilities, including CVE-2025-5456 and CVE-2025-5462.
Ivanti deploys cloud fixes for multiple access product vulnerabilities
Ivanti said fixes for affected cloud deployments, including Neurons for Secure Access, were already applied on August 2, 2025. This remediation covered vulnerabilities later publicly disclosed across Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access.
Ivanti releases May 2025 patches for CVE-2025-22462
Ivanti released May 2025 security patches for the critical authentication bypass vulnerability CVE-2025-22462 affecting on-premises Ivanti Neurons for ITSM. The flaw can allow unauthenticated attackers to gain full administrative access on vulnerable IIS-hosted deployments.
Pulse Connect Secure 9.x reaches end of support
Ivanti noted that Pulse Connect Secure 9.x reached End-of-Support on December 31, 2024.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
11 references tracked. Mallory keeps watching after this page renders.
Ivanti Endpoint Manager CVE-2025-9713 Path Traversal RCE - Brief Summary and Technical Details - ZeroPath Blog | ZeroPath
zeropath.com
Open sourceIvanti Connect Secure CSRF Vulnerability (CVE-2025-55147): Brief Summary and Technical Review - ZeroPath Blog | ZeroPath
zeropath.com
Open sourceIvanti Connect Secure CVE-2025-55145: Brief Summary of Missing Authorization in HTML5 Session Handling - ZeroPath Blog | ZeroPath
zeropath.com
Open sourceIvanti Connect Secure CVE-2025-55142 Authorization Bypass: Brief Summary and Technical Review - ZeroPath Blog | ZeroPath
zeropath.com
Open sourceIvanti Connect Secure CVE-2025-5456 Buffer Over-Read: Brief Summary and Technical Review - ZeroPath Blog | ZeroPath
zeropath.com
Open sourceAugust Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (Multiple CVEs)
forums.ivanti.com
Open sourceIvanti Connect Secure CVE-2025-5462 Heap-Based Buffer Overflow: Brief Summary and Patch Guidance - ZeroPath Blog | ZeroPath
zeropath.com
Open sourceIvanti Neurons for ITSM Hit by Critical Auth Bypass (CVE-2025-22462): Immediate Action Required - ZeroPath Blog | ZeroPath
zeropath.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Ivanti Connect Secure RCE Flaws Exploited, Legacy Pulse Secure Left Unpatched
Ivanti disclosed multiple critical vulnerabilities affecting **Ivanti Connect Secure**, **Ivanti Policy Secure**, and **Ivanti Neurons for ZTA Gateway**, including `CVE-2025-0282` (CVSS 9.0), a stack-based buffer overflow that allows unauthenticated remote code execution, and `CVE-2025-0283` (CVSS 7.0), which enables privilege escalation. Ivanti said `CVE-2025-0282` has been exploited in the wild against Ivanti Connect Secure, prompting urgent guidance for organizations to upgrade to fixed releases and use the **Integrity Checker Tool** to look for signs of compromise. Authorities later warned that `CVE-2025-22457` is also being actively exploited in **Ivanti Connect Secure** and **Pulse Connect Secure**, allowing remote command execution on vulnerable systems. Ivanti Connect Secure addressed that flaw in version **22.7R2.6**, but **Pulse Connect Secure 9.x** has no patch and will not receive one, leaving migration and retirement as the only mitigation for legacy deployments. While Ivanti Policy Secure and ZTA Gateway are also affected by `CVE-2025-22457`, exploitation had not been observed in those products at the time of reporting.
Apr 23, 2026
Ivanti fixes Connect Secure, Policy Secure, and Neurons for ITSM vulnerabilities
Ivanti issued security updates for multiple enterprise products, including **Ivanti Connect Secure**, **Policy Secure**, and **Ivanti Neurons for ITSM**, as the company continued remediation across its remote access and IT service management portfolio. The Neurons for ITSM fixes arrived in version **2025.4** and addressed **CVE-2026-4913** and **CVE-2026-4914**, affecting version **2025.3** and earlier in both on-premises and cloud deployments; Ivanti said cloud instances had already been patched and urged on-premises customers to upgrade through the Ivanti License System. According to Ivanti, **CVE-2026-4913** is an improper path protection flaw that could allow a remote authenticated attacker to retain access after an administrator disables the account, while **CVE-2026-4914** is a stored **XSS** issue that could let an authenticated attacker access limited data from other users’ sessions. Ivanti said it was not aware of active exploitation and had no indicators of compromise for the Neurons flaws, while its separate advisory for Connect Secure and Policy Secure signaled additional security remediation affecting those products.
Jun 3, 2026
Ivanti Patches RCE and Privilege Escalation Flaws in Secure Access Client and vTM
Ivanti released security updates for two enterprise products, fixing multiple vulnerabilities in **Ivanti Secure Access Client for Windows** and **Ivanti Virtual Traffic Manager (vTM)**. In Secure Access Client, version `22.8R6` addresses **CVE-2026-7431**, an incorrect permissions issue that could let a local authenticated user read or modify sensitive log data; **CVE-2026-7432**, a race condition that could allow local privilege escalation to `SYSTEM`; and **CVE-2026-8992`, an improper certificate validation flaw that could enable remote unauthenticated code execution. Ivanti said affected Secure Access Client versions are `22.8R5` and earlier and advised customers to upgrade to `22.8R6`. Ivanti also patched **CVE-2026-8051** in **Ivanti Virtual Traffic Manager**, a high-severity `CWE-78` OS command injection vulnerability with a CVSS score of `7.2` that could allow a remote authenticated administrator to achieve remote code execution. The flaw affects vTM `22.9r3` and earlier and is fixed in `22.9r4`. Ivanti said it was not aware of customer exploitation of any of the disclosed issues before publication and said the vulnerabilities were reported through its responsible disclosure program, crediting William Söderberg of Reversec for the vTM finding.
Jun 21, 2026