CVE-2025-55145 is a critical authorization bypass vulnerability identified in multiple Ivanti secure access products, including Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. The root cause is a missing authorization check (CWE-862) that allows a remote attacker with valid authentication to hijack existing HTML5 connections. This hijacking can lead to unauthorized access to sensitive session data and potentially allow attackers to perform actions on behalf of legitimate users. The vulnerability affects versions released before the patches deployed on August 2, 2025. The attack vector is network-based (AV:N), requiring low attack complexity (AC:L), but does require privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially compromised component. The impact on confidentiality and integrity is high (C:H/I:H), while availability impact is low (A:L). No public exploits have been reported yet, but the vulnerability’s nature and affected products make it a significant risk for organizations relying on Ivanti’s secure remote access solutions. The flaw could be exploited to intercept or manipulate session data, potentially leading to data breaches or unauthorized system control. The vulnerability highlights the importance of robust authorization mechanisms in secure access platforms.

The vulnerability allows attackers with valid credentials to hijack active HTML5 sessions, compromising confidentiality and integrity of sensitive data transmitted through Ivanti’s secure access products. This can lead to unauthorized access to internal networks, data exfiltration, and potential lateral movement within affected organizations. Given Ivanti’s widespread use in enterprise VPNs and zero-trust access gateways, exploitation could disrupt secure remote access for employees and partners, impacting business continuity and trust. Although availability impact is low, the breach of session integrity and confidentiality can result in significant operational and reputational damage. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that rely heavily on Ivanti products for secure remote access are particularly at risk. The requirement for authentication and user interaction somewhat limits exploitation but does not eliminate the threat, especially in environments with weak credential management or social engineering risks.

1. Immediately apply the patches released on or after August 2, 2025, for all affected Ivanti products to remediate the missing authorization flaw. 2. Enforce strict multi-factor authentication (MFA) to reduce the risk of credential compromise and unauthorized access. 3. Monitor active sessions for unusual activity or anomalies that could indicate session hijacking attempts. 4. Implement network segmentation and least privilege access policies to limit the impact of compromised sessions. 5. Conduct regular security audits and penetration testing focused on authorization controls within Ivanti products. 6. Educate users about phishing and social engineering risks to prevent credential theft that could facilitate exploitation. 7. Use session timeout and re-authentication mechanisms to reduce the window of opportunity for session hijacking. 8. Employ intrusion detection and prevention systems (IDS/IPS) tuned to detect suspicious activities related to session manipulation. 9. Maintain up-to-date inventory of Ivanti product versions deployed to ensure timely patch management. 10. Collaborate with Ivanti support and security advisories for ongoing updates and best practices.