Vulnerability Database

318,003

Total vulnerabilities in the database

CVE-2025-5468

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.

  • Published: Aug 12, 2025
  • Updated: Nov 16, 2025
  • CVE: CVE-2025-5468
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

Software From Fixed in
ivanti / connect_secure - 22.7
ivanti / connect_secure 22.7 22.7.x
ivanti / connect_secure 22.7-r1 22.7-r1.x
ivanti / connect_secure 22.7-r1.1 22.7-r1.1.x
ivanti / connect_secure 22.7-r1.2 22.7-r1.2.x
ivanti / connect_secure 22.7-r1.3 22.7-r1.3.x
ivanti / connect_secure 22.7-r1.4 22.7-r1.4.x
ivanti / connect_secure 22.7-r1.5 22.7-r1.5.x
ivanti / connect_secure 22.7-r2 22.7-r2.x
ivanti / connect_secure 22.7-r2.1 22.7-r2.1.x
ivanti / connect_secure 22.7-r2.2 22.7-r2.2.x
ivanti / connect_secure 22.7-r2.3 22.7-r2.3.x
ivanti / connect_secure 22.7-r2.4 22.7-r2.4.x
ivanti / connect_secure 22.7-r2.5 22.7-r2.5.x
ivanti / connect_secure 22.7-r2.6 22.7-r2.6.x
ivanti / connect_secure 22.7-r2.7 22.7-r2.7.x
ivanti / policy_secure - 22.7
ivanti / policy_secure 22.7 22.7.x
ivanti / policy_secure 22.7-r1 22.7-r1.x
ivanti / policy_secure 22.7-r1.1 22.7-r1.1.x
ivanti / policy_secure 22.7-r1.2 22.7-r1.2.x
ivanti / policy_secure 22.7-r1.3 22.7-r1.3.x
ivanti / policy_secure 22.7-r1.4 22.7-r1.4.x
ivanti / zero_trust_access_gateway 22.8-r2.2 22.8-r2.2.x
ivanti / neurons_for_secure_access - 22.8
ivanti / neurons_for_secure_access 22.8-r1 22.8-r1.x
ivanti / neurons_for_secure_access 22.8-r1.1 22.8-r1.1.x
ivanti / neurons_for_secure_access 22.8-r1.2 22.8-r1.2.x
ivanti / neurons_for_secure_access 22.8-r1.3 22.8-r1.3.x