Ivanti September 2025 Security Updates Fix 13 Critical Vulnerabilities

Ivanti has released its September 2025 security bulletin, patching 13 vulnerabilities across several popular products including Ivanti Endpoint Manager, Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. Fortunately, there is no evidence these flaws have been exploited in the wild.


Key high-severity vulnerabilities include:
- CVE-2025-9712 & CVE-2025-9872: Remote code execution risks in Ivanti Endpoint Manager due to insufficient filename validation. User interaction is required for exploitation.
- CVE-2025-55145: Missing authorization flaw allowing remote authenticated attackers to hijack HTML5 connections.
- CVE-2025-55147: Cross-Site Request Forgery (CSRF) vulnerability enabling remote unauthenticated attackers to perform sensitive actions.
- CVE-2025-55141 & CVE-2025-55142: Missing authorization flaws allowing attackers with read-only admin privileges to modify authentication settings.


Several medium-severity issues also affect these products, including Server-Side Request Forgery and reflected text injection vulnerabilities.

Recommended Action:
Users should promptly apply the latest patches and follow Ivanti’s security guidance to protect their environments from potential exploitation.
Staying current with these updates is critical to maintaining the security and integrity of Ivanti-managed systems.