CVE-2025-55145: CWE-862 Missing Authorization in Ivanti Connect Secure 22.7R2.9
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections.
AI Analysis
Technical Summary
CVE-2025-55145 is a high-severity vulnerability classified under CWE-862 (Missing Authorization) affecting multiple Ivanti products, including Connect Secure versions prior to 22.7R2.9 and 22.8R2, Policy Secure before 22.7R1.6, ZTA Gateway before 2.8R2.3-723, and Neurons for Secure Access before 22.8R1.4. The vulnerability allows a remote attacker with valid authentication to hijack existing HTML5 connections. Although the attacker must already be authenticated, they can reach sessions they are not authorized to access, bypassing a critical authorization control. The flaw arises from improper enforcement of authorization checks, enabling attackers to manipulate or take over active sessions established via HTML5 technologies, which are commonly used for secure remote access and VPN services. The CVSS v3.1 score of 8.9 reflects the high impact on confidentiality and integrity; the attack complexity is low, and exploitation requires only low privileges and user interaction. The scope is changed, indicating that the vulnerability affects resources beyond the initially compromised component. No known exploits are reported in the wild as of the publication date, but the vulnerability was publicly disclosed shortly after the fix was deployed on August 2, 2025. This vulnerability is critical for organizations relying on Ivanti's secure access solutions for remote connectivity and zero-trust network access, as it can lead to unauthorized data exposure and session hijacking.
Potential Impact
For European organizations, the impact of this vulnerability is significant due to the widespread use of Ivanti's secure access products in enterprise environments for VPN and zero-trust access solutions. Exploitation could lead to unauthorized access to sensitive internal systems, data breaches, and potential lateral movement within networks. Confidentiality is severely impacted as attackers can hijack sessions and access protected resources. Integrity is also at risk since attackers may manipulate session data or commands. Availability impact is low but could increase if attackers disrupt sessions. Given the GDPR and other stringent data protection regulations in Europe, any unauthorized access or data leakage could result in severe legal and financial penalties. Furthermore, organizations in critical infrastructure sectors such as finance, healthcare, and government could face operational disruptions and reputational damage. The requirement for authenticated access limits the attack surface but does not eliminate risk, especially in environments with weak credential management or insider threats.
Mitigation Recommendations
Organizations should immediately verify that all Ivanti products are updated to the fixed versions: Connect Secure 22.7R2.9 or later, Policy Secure 22.7R1.6 or later, ZTA Gateway 2.8R2.3-723 or later, and Neurons for Secure Access 22.8R1.4 or later. Beyond patching, implement strict access controls and multi-factor authentication (MFA) to reduce the risk of credential compromise. Monitor active sessions for unusual activity or anomalies that could indicate session hijacking attempts. Employ network segmentation to limit the impact of compromised sessions. Conduct regular audits of user privileges to ensure least privilege principles are enforced. Additionally, review and harden session management configurations, including timeout settings and session token protections. Incident response plans should be updated to include detection and mitigation strategies for session hijacking. Finally, Ivanti customers should subscribe to vendor advisories for timely updates and consider deploying Web Application Firewalls (WAF) or Intrusion Detection Systems (IDS) tuned to detect exploitation attempts targeting this vulnerability.
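The first recommendation above is a version check against the fixed versions the advisory lists. The script below is an added example (not part of the advisory and not Ivanti's own tooling) that parses Ivanti-style version strings such as 22.7R2.9 and 2.8R2.3-723 and flags inventory entries that still predate the fix; the parsing rules and the per-branch interpretation of "before X or Y" are assumptions derived from the advisory's version strings.

```python
"""Flag Ivanti product versions that predate the CVE-2025-55145 fix.
Version grammar (an assumption based on the advisory's strings, not Ivanti's
own code): MAJOR.MINOR R RELEASE [.PATCH] [-BUILD], e.g. "22.7R2.9", "2.8R2.3-723".
"""
import re
from typing import List, NamedTuple, Tuple


class IvantiVersion(NamedTuple):
    major: int
    minor: int
    release: int   # the number after "R"
    patch: int     # optional ".n" after the release, 0 if absent
    build: int     # optional "-nnn" suffix, 0 if absent

    @property
    def branch(self) -> Tuple[int, int]:
        return (self.major, self.minor)


_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?(?:-(\d+))?$")


def parse_version(text: str) -> IvantiVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    # Tuple ordering then gives a natural version comparison.
    return IvantiVersion(*(int(g) if g else 0 for g in m.groups()))


# Fixed versions exactly as listed in the advisory; one product may have two branches.
FIXED_VERSIONS = {
    "Connect Secure": ["22.7R2.9", "22.8R2"],
    "Policy Secure": ["22.7R1.6"],
    "ZTA Gateway": ["2.8R2.3-723"],
    "Neurons for Secure Access": ["22.8R1.4"],
}


def is_affected(product: str, version: str) -> bool:
    """True when `version` of `product` predates the fix.
    Assumed interpretation: a version is fixed when it is at least the fixed
    version of its own major.minor branch, or, for a branch the advisory does
    not list, when it is newer than every listed fixed version."""
    installed = parse_version(version)
    fixed = [parse_version(v) for v in FIXED_VERSIONS[product]]
    same_branch = [f for f in fixed if f.branch == installed.branch]
    if same_branch:
        return installed < min(same_branch)
    return installed <= max(fixed)


def audit(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return the (product, version) pairs that still need patching."""
    return [(p, v) for p, v in inventory if is_affected(p, v)]
```

A constructed inventory such as `[("Connect Secure", "22.7R2.8"), ("ZTA Gateway", "2.8R2.3-700")]` is returned in full by `audit`, while `("Connect Secure", "22.8R2")` is not.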
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ivanti
- Date Reserved: 2025-08-07T16:15:48.897Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c0481fbd4e3b9088076671
Added to database: 9/9/2025, 3:30:39 PM
Last enriched: 9/17/2025, 1:15:31 AM
Last updated: 10/29/2025, 9:13:32 PM