CVE-2025-5468: CWE-61: UNIX Symbolic Link in Ivanti Connect Secure

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-5468, cwe-61
Published: Tue Aug 12 2025 (08/12/2025, 15:05:23 UTC)
Source: CVE Database V5
Vendor/Project: Ivanti
Product: Connect Secure

Description

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.

AI-Powered Analysis

Last updated: 08/12/2025, 15:33:31 UTC

Technical Analysis

CVE-2025-5468 is a medium-severity vulnerability affecting multiple Ivanti products, including Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. The root cause is improper handling of UNIX symbolic links (CWE-61) in versions prior to the fixed releases (22.7R2.8 or 22.8R2 for Connect Secure, 22.7R1.5 for Policy Secure, 22.8R2.3-723 for ZTA Gateway, and 22.8R1.4 for Neurons for Secure Access). This flaw allows a local authenticated attacker to exploit symbolic link dereferencing to read arbitrary files on the disk. The vulnerability does not require user interaction but does require local authentication with low privileges. The CVSS v3.1 score is 5.5, reflecting a medium severity primarily due to the high confidentiality impact (arbitrary file read) but no impact on integrity or availability. The vulnerability arises because the affected software fails to properly validate or restrict symbolic link targets, enabling attackers to bypass intended file access controls and access sensitive files. Although no known exploits are currently reported in the wild, the vulnerability poses a risk especially in environments where local user accounts are shared or where attackers can gain low-level authenticated access. The fix was deployed on August 2, 2025, and upgrading to the patched versions is critical to mitigate this risk.
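The class of flaw described above (CWE-61), shown as an added example that is not Ivanti's code and not part of the original entry: a file read that follows symlinks next to one that refuses them by opening each path component with `O_NOFOLLOW` relative to a directory descriptor, which leaves no gap between checking a path and opening it. The function names, the `uploads` layout and the file contents are constructed for illustration; a Linux host is assumed.

```python
import os
import stat
import tempfile

class UnsafePath(Exception):
    """Path had a symlink component, left the base, or was not a regular file."""

def naive_read(base_dir, rel_path):
    # Vulnerable pattern (CWE-61): open() silently follows symlinks.
    with open(os.path.join(base_dir, rel_path), "rb") as fh:
        return fh.read()

def safe_read(base_dir, rel_path):
    # base_dir is assumed trusted; each component is opened with O_NOFOLLOW via a dir fd.
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if rel_path.startswith("/") or not parts or ".." in parts:
        raise UnsafePath(rel_path)
    fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for i, name in enumerate(parts):
            kind = os.O_NONBLOCK if i == len(parts) - 1 else os.O_DIRECTORY
            try:
                nxt = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | kind, dir_fd=fd)
            except OSError as exc:  # ELOOP/ENOTDIR on a symlink, ENOENT if missing
                raise UnsafePath(f"{rel_path}: {exc.strerror}") from exc
            os.close(fd)
            fd = nxt
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise UnsafePath(f"{rel_path}: not a regular file")
        with open(fd, "rb", closefd=False) as fh:
            return fh.read()
    finally:
        os.close(fd)

def demo():
    # Constructed layout: uploads/ has a real file and a symlink to a file outside it.
    root = tempfile.mkdtemp()
    base = os.path.join(root, "uploads")
    os.mkdir(base)
    for path, data in ((os.path.join(root, "secret.conf"), b"token=constructed"),
                       (os.path.join(base, "report.txt"), b"ok")):
        with open(path, "wb") as fh:
            fh.write(data)
    os.symlink(os.path.join(root, "secret.conf"), os.path.join(base, "link.txt"))
    try:
        safe_read(base, "link.txt")
        blocked = False
    except UnsafePath:
        blocked = True
    return naive_read(base, "link.txt"), blocked, safe_read(base, "report.txt")
```

This walk does not address hard links. On Linux 5.6 and later, `openat2()` with `RESOLVE_NO_SYMLINKS` performs the same refusal in a single system call.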

Potential Impact

For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive information stored on servers running affected Ivanti products. Ivanti Connect Secure and related products are often used to provide secure remote access and policy enforcement, meaning that an attacker with low-level authenticated access could leverage this flaw to read configuration files, credentials, or other sensitive data. This could facilitate further lateral movement, privilege escalation, or data exfiltration within corporate networks. The impact is particularly significant for organizations handling sensitive personal data under GDPR, as unauthorized data access could lead to regulatory penalties and reputational damage. Additionally, sectors such as finance, healthcare, and critical infrastructure that rely on Ivanti solutions for secure access may face increased risk of targeted attacks exploiting this vulnerability to gain intelligence or disrupt operations.

Mitigation Recommendations

Organizations should immediately verify the versions of Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access deployed in their environments. Upgrading to the fixed versions (22.7R2.8 or later for Connect Secure, 22.7R1.5 or later for Policy Secure, 22.8R2.3-723 or later for ZTA Gateway, and 22.8R1.4 or later for Neurons) is the primary mitigation. Additionally, organizations should audit local user accounts and restrict access to only trusted personnel, as exploitation requires local authentication. Implement strict file system permissions to limit the ability of users to create or manipulate symbolic links in sensitive directories. Monitoring and alerting on unusual file access patterns or symbolic link creations can help detect exploitation attempts. Network segmentation to isolate Ivanti servers and use of multi-factor authentication can reduce the risk of unauthorized local access. Finally, reviewing and hardening the configuration of Ivanti products to minimize exposure and applying security best practices for privileged access management will further reduce risk.

Technical Details

Data Version: 5.1
Assigner Short Name: ivanti
Date Reserved: 2025-06-02T12:18:33.865Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 689b5b1dad5a09ad0033e2c5

Added to database: 8/12/2025, 3:17:49 PM

Last enriched: 8/12/2025, 3:33:31 PM

Last updated: 8/13/2025, 5:19:30 AM
