Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-8712

Опубликовано: 09 сент. 2025
Источник: nvd
CVSS3: 5.4
EPSS Низкий

Описание

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ivanti:neurons_for_secure_access:*:*:*:*:*:*:*:*
Версия до 22.8 (исключая)
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_secure_access:22.8:r1.3:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
Версия до 22.7 (исключая)
cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.7:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.8:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*
Версия до 22.7 (исключая)
cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.5:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:ivanti:zero_trust_access_gateway:22.8:r2.2:*:*:*:*:*:*

EPSS

Процентиль: 63%
0.00437
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

github логотип

GHSA-4ccv-vmjr-rffr

CVSS3: 5.4
github
5 месяцев назад

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.

EPSS

Процентиль: 63%
0.00437
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-862