Ivanti Zero Trust Access Gateway — known CVE vulnerabilities
Every CVE whose affected-product data names Ivanti Zero Trust Access Gateway, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2025-55145 — CVSS 8.9 (high): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2025-55141 — CVSS 8.8 (high): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2025-55147 — CVSS 8.8 (high): CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and…
CVE-2025-55142 — CVSS 8.8 (high): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2024-22024 — CVSS 8.3 (high): An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x)…
CVE-2025-55148 — CVSS 7.6 (high): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2025-5462 — CVSS 7.5 (high): A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway…
CVE-2025-5456 — CVSS 7.5 (high): A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA…
CVE-2025-55139 — CVSS 6.8 (medium): SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and…
CVE-2025-55143 — CVSS 6.1 (medium): Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway…
CVE-2025-5468 — CVSS 5.5 (medium): Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5…
CVE-2025-8711 — CVSS 5.4 (medium): CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and…
CVE-2025-8712 — CVSS 5.4 (medium): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2025-55144 — CVSS 5.4 (medium): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2025-5466 — CVSS 4.9 (medium): XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and…
CVE-2025-55146 — CVSS 4.9 (medium): An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway…