
CVE-2025-55145: CWE-862 Missing Authorization in Ivanti Connect Secure 22.7R2.9

Severity: High
Tags: Vulnerability, CVE-2025-55145, cwe-862
Published: Tue Sep 09 2025 (09/09/2025, 15:22:05 UTC)
Source: CVE Database V5
Vendor/Project: Ivanti
Product: Connect Secure 22.7R2.9

Description

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections.

AI-Powered Analysis

Last updated: 09/09/2025, 15:30:56 UTC

Technical Analysis

CVE-2025-55145 is a high-severity vulnerability classified under CWE-862 (Missing Authorization) affecting multiple Ivanti products, including Connect Secure versions prior to 22.7R2.9 and 22.8R2, Policy Secure before 22.7R1.6, ZTA Gateway before 2.8R2.3-723, and Neurons for Secure Access before 22.8R1.4. The vulnerability arises from improper authorization checks within the affected Ivanti secure access solutions, which are commonly used for remote access and VPN services. Specifically, a remote attacker with valid authentication credentials can exploit this flaw to hijack existing HTML5 connections. This hijacking could allow the attacker to assume control over active sessions, potentially gaining unauthorized access to sensitive resources or performing actions on behalf of legitimate users.

The vulnerability has a CVSS v3.1 base score of 8.9, indicating high severity: the attack vector is network (AV:N), attack complexity is low (AC:L), low privileges are required (PR:L), and user interaction is required (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially compromised component. The impact on confidentiality and integrity is high, while the availability impact is low. The flaw was publicly disclosed on September 9, 2025, with fixes deployed on August 2, 2025, and no known exploits have been reported in the wild yet. The vulnerability highlights a critical authorization bypass in Ivanti's secure remote access products, which could be leveraged by attackers to escalate privileges and compromise enterprise networks through session hijacking.

Potential Impact

For European organizations, this vulnerability poses a significant risk due to the widespread adoption of Ivanti's secure access products in enterprise environments for VPN and zero-trust access solutions. Successful exploitation could lead to unauthorized access to internal networks, data exfiltration, and lateral movement within corporate infrastructures. Given the high confidentiality and integrity impact, sensitive business data, intellectual property, and personal data protected under GDPR could be exposed or manipulated, leading to regulatory penalties and reputational damage. The requirement for user interaction and valid credentials somewhat limits exploitation to insider threats or compromised accounts, but the session hijacking capability increases the attacker's ability to maintain persistence and evade detection. This is particularly critical for sectors with stringent security requirements such as finance, healthcare, and government agencies across Europe. The vulnerability could also undermine trust in remote access solutions at a time when hybrid work models are prevalent, increasing the attack surface for European enterprises.

Mitigation Recommendations

European organizations should prioritize immediate patching of all affected Ivanti products to the fixed versions released on or after August 2, 2025. In addition to patching, organizations should implement strict access controls and multi-factor authentication (MFA) to reduce the risk of credential compromise. Monitoring and logging of remote access sessions should be enhanced to detect anomalous session hijacking activities, including unusual session handoffs or concurrent sessions from different locations. Network segmentation should be enforced to limit the impact of any compromised sessions. Organizations should also conduct regular audits of user privileges and session management policies to ensure that authorization checks are correctly enforced. Employing endpoint detection and response (EDR) tools to monitor for suspicious behavior related to remote access clients can provide early warning. Finally, user training to recognize phishing and social engineering attempts that could lead to credential theft is essential to reduce the risk of initial access.
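As an added example (not part of the original advisory and not Ivanti tooling), the following Python helper supports the patching step by comparing inventory version strings against the fixed releases listed in the description. The inventory rows and hostnames are constructed, and treating each `major.minor` line as a separate branch with its own fix is an assumption about how to read "before 22.7R2.9 or 22.8R2".

```python
import re

# Fixed releases as listed in the advisory description, one per release branch.
FIXED = {
    "Connect Secure": ["22.7R2.9", "22.8R2"],
    "Policy Secure": ["22.7R1.6"],
    "ZTA Gateway": ["2.8R2.3-723"],
    "Neurons for Secure Access": ["22.8R1.4"],
}
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?(?:-(\d+))?$")

def parse_version(text):
    """'22.7R2.9' -> (22, 7, 2, 9, 0); a missing patch or build counts as 0."""
    m = _VERSION.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def is_affected(product, version):
    """True if `version` predates the fix that applies to its branch."""
    have = parse_version(version)
    fixes = [parse_version(v) for v in FIXED[product]]
    same_branch = [f for f in fixes if f[:2] == have[:2]]
    # Assumption: a branch with no listed fix is judged against the earliest fix.
    threshold = same_branch[0] if same_branch else min(fixes)
    return have < threshold  # numeric compare, so R2.10 sorts after R2.9

def triage(inventory):
    """Return (host, product, version, status) rows for an inventory list."""
    rows = []
    for host, product, version in inventory:
        try:
            status = "PATCH" if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            status = "REVIEW"  # unknown product or unparseable version
        rows.append((host, product, version, status))
    return rows

# Constructed inventory for illustration; hostnames are placeholders.
SAMPLE = [
    ("vpn-edge-01", "Connect Secure", "22.7R2.8"),
    ("vpn-edge-02", "Connect Secure", "22.7R2.10"),
    ("vpn-edge-03", "Connect Secure", "22.8R1"),
    ("zta-gw-01", "ZTA Gateway", "2.8R2.3-723"),
    ("nac-01", "Policy Secure", "unknown"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{:<12} {:<26} {:<14} {}".format(*row))
```

A version reported without a build suffix is treated as build 0, so a ZTA Gateway reporting only `2.8R2.3` is flagged for patching rather than assumed fixed.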


Technical Details

Data Version: 5.1
Assigner Short Name: ivanti
Date Reserved: 2025-08-07T16:15:48.897Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c0481fbd4e3b9088076671

Added to database: 9/9/2025, 3:30:39 PM

Last enriched: 9/9/2025, 3:30:56 PM

Last updated: 9/9/2025, 3:31:13 PM
