CVE-2025-8711

5.4 MEDIUM

📋 TL;DR

This is a Cross-Site Request Forgery (CSRF) vulnerability affecting multiple Ivanti secure access products. It allows remote unauthenticated attackers to perform limited actions on behalf of authenticated users when victims interact with malicious content. Affected products include Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access.

💻 Affected Systems

Products:
  • Ivanti Connect Secure
  • Ivanti Policy Secure
  • Ivanti ZTA Gateway
  • Ivanti Neurons for Secure Access
Versions: Connect Secure before 22.7R2.9 or 22.8R2, Policy Secure before 22.7R1.6, ZTA Gateway before 2.8R2.3-723, Neurons for Secure Access before 22.8R1.4
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: User interaction required - victim must visit malicious site or click malicious link while authenticated


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker could perform administrative actions, modify configurations, or access sensitive data through the victim's authenticated session

🟠 Likely Case

Attacker performs limited actions such as changing user settings or accessing some protected resources

🟢 If Mitigated

No impact if proper CSRF protections are implemented or the user does not interact with malicious content

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires social engineering to trick users into visiting malicious content while authenticated

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Connect Secure 22.7R2.9 or 22.8R2, Policy Secure 22.7R1.6, ZTA Gateway 2.8R2.3-723, Neurons for Secure Access 22.8R1.4

Vendor Advisory: https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US

Restart Required: No

Instructions:

1. Download the appropriate patch from the Ivanti support portal.
2. Apply the patch following Ivanti documentation.
3. Verify patch installation.
4. Test functionality.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add anti-CSRF tokens to all state-changing requests

SameSite Cookie Attribute (applies to: all)

Set SameSite=Strict or Lax on session cookies

🧯 If You Can't Patch

  • Implement web application firewall with CSRF protection rules
  • Educate users about phishing risks and safe browsing practices

🔍 How to Verify

Check if Vulnerable:

Check product version against affected versions list in admin interface

Check Version:

Check version in product admin dashboard or via CLI: show version

Verify Fix Applied:

Verify installed version matches patched version in system settings

📡 Detection & Monitoring

Log Indicators:

  • Unexpected state changes without corresponding user actions
  • Requests missing CSRF tokens
  • Multiple actions from same session in short timeframe

Network Indicators:

  • Requests from unexpected referrers
  • POST requests without proper origin headers

SIEM Query:

source="ivanti*" AND (action="modify" OR action="change" OR action="update") AND NOT user_agent="browser*"
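The log and network indicators above, turned into a small detector as an added example (not Ivanti's code and not the page's SIEM query). It assumes the appliance can export access logs with method, path, Origin, Referer and CSRF-token fields; the log format, the trusted host name and the sample lines are constructed for illustration.

```python
"""Flag state-changing requests that match the CSRF indicators listed above."""
import re
from urllib.parse import urlsplit

# Assumed: hostnames the portal is legitimately served from (constructed example).
TRUSTED_HOSTS = {"vpn.example.com"}
STATE_CHANGING = {"POST", "PUT", "DELETE"}

# Constructed log format: METHOD PATH origin=<url|-> referer=<url|-> csrf=<token|->
LINE_RE = re.compile(
    r"^(?P<method>\S+) (?P<path>\S+) origin=(?P<origin>\S+) "
    r"referer=(?P<referer>\S+) csrf=(?P<csrf>\S+)$"
)

# Constructed sample lines: one benign GET, one legitimate admin POST,
# one POST from a foreign origin without a token, one POST with no origin data.
SAMPLE_LOG = [
    "GET /portal/home origin=- referer=https://vpn.example.com/login csrf=-",
    "POST /admin/settings origin=https://vpn.example.com referer=https://vpn.example.com/admin csrf=abc123",
    "POST /admin/settings origin=https://third-party.example.net referer=https://third-party.example.net/page csrf=-",
    "POST /user/profile origin=- referer=- csrf=-",
]


def _host(value):
    """Hostname of a logged URL, or None when the field is empty ('-')."""
    return None if value in ("-", "") else urlsplit(value).hostname


def check_line(line):
    """Return the names of the indicators that fire for one log line ([] if clean)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["unparseable"]
    if m["method"] not in STATE_CHANGING:
        return []  # only state-changing requests matter for CSRF
    flags = []
    origin, referer = _host(m["origin"]), _host(m["referer"])
    source = origin if origin is not None else referer  # Origin is authoritative when present
    if source is None:
        flags.append("missing_origin_and_referer")
    elif source not in TRUSTED_HOSTS:
        flags.append("unexpected_referrer")
    if m["csrf"] == "-":
        flags.append("missing_csrf_token")
    return flags


def scan(lines):
    """(line number, indicators) for every line that raised at least one indicator."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := check_line(line))]
```

Only the third and fourth sample lines are reported; a GET never fires because CSRF is only a concern for state-changing requests.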
