Multiple Vulnerabilities Discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways
gbhackers
Ivanti on September 9 released a security advisory detailing six medium and five high severity vulnerabilities impacting Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access.
No evidence of customer exploitation has surfaced so far. Patches and fixes are available immediately to address issues ranging from missing authorization checks and cross-site request forgery (CSRF) flaws to server-side request forgery (SSRF) and denial-of-service conditions.
Scope of Vulnerabilities
The advisory covers multiple components, including on-premises and cloud products.
Affected versions include Ivanti Connect Secure 22.7R2.8 and earlier, Policy Secure 22.7R1.4 and earlier, ZTA Gateways 22.8R2.2, and Neurons for Secure Access 22.8R1.3 and earlier.
Ivanti deployed fixes on August 2, 2025, for all products; cloud environments for Neurons for Secure Access were updated automatically.
CVE Number | Description | CVSS Score | Severity |
CVE-2025-8712 | Missing authorization allows remote authenticated read-only admin to change restricted settings ... |
Copyright of this story solely belongs to gbhackers.