CVE-2025-55147: CWE-352 Cross-Site Request Forgery (CSRF) in Ivanti Connect Secure
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required.
AI Analysis
Technical Summary
CVE-2025-55147 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability affecting multiple Ivanti products, including Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. The vulnerability exists in versions prior to 22.7R2.9 or 22.8R2 for Connect Secure, 22.7R1.6 for Policy Secure, 2.8R2.3-723 for ZTA Gateway, and 22.8R1.4 for Neurons for Secure Access.

The flaw allows a remote unauthenticated attacker to trick an authenticated user into executing unintended and sensitive actions on the affected system. This is possible because the affected Ivanti products do not adequately verify the origin of requests, enabling attackers to craft malicious web requests that the victim's browser executes with the victim's privileges. The vulnerability requires user interaction, meaning the victim must be tricked into visiting a malicious webpage or clicking a crafted link.

The CVSS v3.1 base score is 8.8, reflecting the high impact on confidentiality, integrity, and availability, combined with ease of exploitation (no privileges required, network attack vector, low attack complexity). The vulnerability was publicly disclosed on September 9, 2025, with fixes deployed on August 2, 2025. No known exploits are currently observed in the wild.

The CWE-352 classification confirms the nature of the vulnerability as a CSRF issue, which typically arises from missing or inadequate anti-CSRF tokens or origin checks in web applications. Given the critical role Ivanti Connect Secure and related products play in secure remote access and policy enforcement, exploitation could lead to unauthorized administrative actions, session hijacking, or compromise of secure access controls.
Potential Impact
For European organizations, this vulnerability poses a significant risk due to the widespread use of Ivanti products in enterprise environments for secure VPN access, zero trust enforcement, and policy management. Successful exploitation could lead to unauthorized changes in security configurations, exposure of sensitive data, or disruption of secure access services. This could facilitate lateral movement by attackers, data breaches, or denial of service conditions impacting business continuity. Given the high confidentiality, integrity, and availability impacts, organizations handling sensitive personal data under GDPR or critical infrastructure sectors could face regulatory penalties and reputational damage. The requirement for user interaction means phishing or social engineering campaigns could be used to trigger the exploit, increasing the attack surface. The absence of known exploits in the wild currently provides a window for remediation, but the high CVSS score indicates that once weaponized, the vulnerability could be leveraged in targeted attacks against European enterprises, especially those relying heavily on Ivanti’s secure access solutions.
Mitigation Recommendations
- Immediately verify Ivanti product versions and apply the vendor-provided patches released on August 2, 2025.
- If patching is not immediately feasible, implement compensating controls such as enforcing strict Content Security Policy (CSP) headers and SameSite cookie attributes to mitigate CSRF risks.
- Review and enhance web application firewall (WAF) rules to detect and block suspicious cross-site requests targeting Ivanti management interfaces.
- Educate users about phishing risks and the importance of not clicking on untrusted links or visiting suspicious websites while authenticated to Ivanti portals.
- Employ network segmentation to limit access to Ivanti management interfaces to trusted internal networks or VPN users only.
- Enhance monitoring and logging of administrative actions on Ivanti products to detect anomalous behavior indicative of CSRF exploitation attempts.
- Consider implementing multi-factor authentication (MFA) for administrative access to reduce the impact of compromised sessions.
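The analysis above attributes the flaw to missing or inadequate anti-CSRF tokens and origin checks, and the mitigations lean on SameSite cookies and on logging rejected cross-site requests. The following Python is an added illustration of what those server-side controls look like when combined; it is not Ivanti code and says nothing about how the affected products implement their own checks. The portal origin `https://vpn.example.internal`, the header and form field names (`X-CSRF-Token`, `csrf_token`), and all request data are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed: the only origin from which state-changing requests to the
# (hypothetical) management portal are accepted.
TRUSTED_ORIGIN = "https://vpn.example.internal"

# Methods that must never change state and therefore need no CSRF check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session):
    """Mint a per-session synchronizer token and remember it server-side.

    The token is embedded in forms / sent in a header by the legitimate
    front end; a cross-site page cannot read it, so it cannot forge it.
    """
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def session_cookie_header(session_id):
    """Set-Cookie value for the session cookie.

    SameSite=Strict stops the browser from attaching the cookie to requests
    initiated from other sites, which is the compensating control the
    mitigation section recommends; Secure and HttpOnly are the usual
    companions.
    """
    return f"sid={session_id}; Secure; HttpOnly; SameSite=Strict; Path=/"


def _origin_of(value):
    """Reduce a URL or Origin header value to scheme://host[:port]."""
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None  # covers the literal "null" origin and junk values
    return f"{parts.scheme}://{parts.netloc}".lower()


def csrf_check(method, headers, form, session):
    """Decide whether a request may proceed. Returns (allowed, reason).

    The reason string is meant to be written to the audit log so that
    rejected cross-site attempts are visible to monitoring.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if method.upper() in SAFE_METHODS:
        return True, "safe method"

    # 1. Origin check. Browsers attach Origin to cross-site POSTs; Referer is
    #    the fallback when Origin is absent. A state-changing request with
    #    neither is rejected rather than trusted.
    source = hdrs.get("origin") or hdrs.get("referer")
    if source is None:
        return False, "missing Origin and Referer on state-changing request"
    if _origin_of(source) != TRUSTED_ORIGIN:
        return False, f"cross-site origin {source!r}"

    # 2. Synchronizer token check, compared in constant time.
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token") or hdrs.get("x-csrf-token")
    if not expected or not submitted:
        return False, "missing CSRF token"
    if not hmac.compare_digest(expected, submitted):
        return False, "CSRF token mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests: one legitimate, one forged from another site.
    session = {}
    token = issue_csrf_token(session)
    print(csrf_check("POST", {"Origin": TRUSTED_ORIGIN},
                     {"csrf_token": token}, session))
    print(csrf_check("POST", {"Origin": "https://attacker.example"},
                     {"csrf_token": token}, session))
    print(session_cookie_header("constructed-session-id"))
```

Both checks are kept even though each alone blocks the classic forged-form request: the origin check fails open if a proxy strips the headers, and the token check is only as good as the secrecy of the token, so a defender wants the rejection reason of whichever layer fired in the logs.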
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ivanti
- Date Reserved: 2025-08-07T16:15:48.897Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c04a24f67a6277124b5f9e
Added to database: 9/9/2025, 3:39:16 PM
Last enriched: 9/17/2025, 1:15:42 AM
Last updated: 10/30/2025, 4:09:49 PM