1. Home
  2. CVE Database
  3. CVE-2025-5468
MEDIUM · 5.5

CVE-2025-5468

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secu...

Vulnerability Description

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
IvantiConnect Secure< 22.7
IvantiPolicy Secure< 22.7
IvantiZero Trust Access Gateway22.8
IvantiNeurons For Secure Access< 22.8

Related Weaknesses (CWE)

CWE-61

References

FAQ

What is CVE-2025-5468?

CVE-2025-5468 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secu...

How severe is CVE-2025-5468?

CVE-2025-5468 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-5468?

Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Zero Trust Access Gateway, Ivanti Neurons For Secure Access.