CVE-2025-55144: CWE-862 Missing Authorization in Ivanti Connect Secure
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
AI Analysis
Technical Summary
CVE-2025-55144 is a medium-severity vulnerability classified under CWE-862 (Missing Authorization) affecting multiple Ivanti products, including Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. The flaw exists in versions prior to 22.7R2.9 or 22.8R2 for Connect Secure, 22.7R1.6 for Policy Secure, 2.8R2.3-723 for ZTA Gateway, and 22.8R1.4 for Neurons for Secure Access. The vulnerability allows a remote attacker who has authenticated with read-only administrative privileges to bypass authorization controls and configure restricted settings that should normally be inaccessible. This means that an attacker with limited admin rights can escalate their control over the system by modifying configurations that could impact security policies or system behavior. The vulnerability does not require user interaction and can be exploited remotely over the network, with low attack complexity. The CVSS v3.1 base score is 5.4, reflecting a medium severity level, with no impact on confidentiality but partial impact on integrity and availability. Although no known exploits are reported in the wild as of the publication date, the flaw poses a significant risk because it undermines the principle of least privilege and could lead to unauthorized configuration changes, potentially enabling further attacks or service disruptions. The fix was deployed on August 2, 2025, but systems not updated remain vulnerable.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to the integrity and availability of critical remote access and security infrastructure. Ivanti Connect Secure and related products are widely used for VPN and secure access management, especially in sectors requiring robust remote connectivity such as finance, healthcare, government, and critical infrastructure. Unauthorized configuration changes could lead to weakened security policies, exposure of sensitive internal resources, or denial of service conditions. Given the remote exploitability and the ability to escalate privileges from read-only admin to configuration control, attackers could pivot within networks, compromise additional systems, or disrupt business continuity. This is particularly concerning for organizations with strict regulatory compliance requirements (e.g., GDPR) where unauthorized changes could lead to data protection violations and reputational damage. The medium severity rating suggests the threat is serious but not immediately catastrophic, emphasizing the need for timely patching and monitoring to prevent exploitation.
Mitigation Recommendations
European organizations should prioritize applying the official patches released on August 2, 2025, for all affected Ivanti products. Beyond patching, it is critical to audit and restrict administrative privileges to the minimum necessary, ensuring that read-only admin accounts are tightly controlled and monitored. Implement robust logging and alerting on configuration changes within Ivanti management consoles to detect unauthorized modifications promptly. Network segmentation should be enforced to limit access to Ivanti management interfaces only to trusted administrative networks. Multi-factor authentication (MFA) should be enabled for all administrative access to reduce the risk of credential compromise. Additionally, conduct regular security assessments and penetration tests focusing on access control mechanisms in Ivanti products. Organizations should also review and update incident response plans to address potential misuse of administrative privileges. Finally, maintain up-to-date inventories of Ivanti product versions deployed across the enterprise to ensure no vulnerable instances remain unpatched.
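The inventory check recommended above can be automated by comparing each deployed version against the fixed releases named in the advisory. The following is an added example, not Ivanti tooling or code from this page; the product keys, hostnames and inventory rows are constructed, and treating "before 22.7R2.9 or 22.8R2" as one fixed release per branch is an assumption.

```python
import re

# Fixed releases as listed in the advisory. Reading "before 22.7R2.9 or 22.8R2"
# as one fixed release per branch is an assumption of this example.
FIXED = {
    "connect-secure": ["22.7R2.9", "22.8R2"],
    "policy-secure": ["22.7R1.6"],
    "zta-gateway": ["2.8R2.3-723"],
    "neurons-secure-access": ["22.8R1.4"],
}
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?(?:-(\d+))?$", re.I)


def parse(version):
    """'22.7R2.9' -> (22, 7, 2, 9, 0). A missing patch or build counts as 0,
    so a version reported without its build number compares as older."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def status(product, version):
    """Classify one inventory row as 'fixed', 'vulnerable' or 'unknown-branch'."""
    v = parse(version)
    fixed = sorted(parse(f) for f in FIXED[product])
    for f in fixed:
        if v[:2] == f[:2]:  # same major.minor branch: compare within it
            return "fixed" if v >= f else "vulnerable"
    if v[:2] < fixed[0][:2]:
        return "vulnerable"  # older than every branch that received a fix
    if v[:2] > fixed[-1][:2]:
        return "fixed"  # newer than every listed branch, so not "before" it
    return "unknown-branch"  # between listed branches: check the vendor advisory


# Constructed inventory rows (hostnames and deployed versions are made up).
INVENTORY = [
    ("vpn-ams-01", "connect-secure", "22.7R2.8"),
    ("vpn-fra-02", "connect-secure", "22.7R2.9"),
    ("vpn-lon-03", "connect-secure", "22.8R1"),
    ("nac-par-01", "policy-secure", "22.7R1.6"),
    ("zta-mad-01", "zta-gateway", "2.8R2.3-700"),
]


def audit(rows):
    """Return (host, status) for every row that is not confirmed fixed."""
    results = [(host, status(product, ver)) for host, product, ver in rows]
    return [r for r in results if r[1] != "fixed"]
```

Rows that come back as `unknown-branch` need a manual check against the vendor advisory rather than being counted as patched.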
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ivanti
- Date Reserved: 2025-08-07T16:15:48.896Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c04ef982742f13ef72ee75
Added to database: 9/9/2025, 3:59:53 PM
Last enriched: 9/9/2025, 4:00:11 PM
Last updated: 9/9/2025, 5:33:34 PM