### [CVE-2025-55142](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55142)
![](https://img.shields.io/static/v1?label=Product&message=Connect%20Secure&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Neurons%20for%20Secure%20Access&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Policy%20Secure&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=ZTA%20Gateway&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brightgreen)

### Description

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/thexnumb/thexwriteup