1. Home
  2. CVE Database
  3. CVE-2025-8712
MEDIUM · 5.4

CVE-2025-8712

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R...

Vulnerability Description

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
IvantiNeurons For Secure Access< 22.8
IvantiConnect Secure< 22.7
IvantiPolicy Secure< 22.7
IvantiZero Trust Access Gateway22.8

Related Weaknesses (CWE)

CWE-862

References

FAQ

What is CVE-2025-8712?

CVE-2025-8712 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R...

How severe is CVE-2025-8712?

CVE-2025-8712 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-8712?

Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Neurons For Secure Access, Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Zero Trust Access Gateway.