vulnerability
Pulse Secure Pulse Connect Secure: September Security Advisory Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access (Multiple CVEs)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:M/C:C/I:N/A:N) | Sep 9, 2025 | Sep 16, 2025 | Mar 26, 2026 |
Severity
6
CVSS
(AV:N/AC:L/Au:M/C:C/I:N/A:N)
Published
Sep 9, 2025
Added
Sep 16, 2025
Modified
Mar 26, 2026
Description
SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.
Solutions
pulse-secure-pulse-connect-secure-upgrade-22_7r2_9pulse-secure-pulse-connect-secure-upgrade-22_8r2
References
- CVE-2025-55139
- https://attackerkb.com/topics/CVE-2025-55139
- https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-27285
- CWE-918
- EUVD-EUVD-2025-27285
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.