CVE-2025-22457

Warning

Media report

EPSS 71.7%
Published 03.04.2025 16:15:35
Last modified 03.05.2025 01:00:02
Source 3c1d8aa1-5a33-4ea4-8992-aadd64
Teams watchlist Login
Open Login

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

Affected products Warnungen 1 Metrics 3 CWE 2 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Ivanti ≫ Connect Secure Update- Version < 22.7

Ivanti ≫ Connect Secure Version22.7 Update-

Ivanti ≫ Connect Secure Version22.7 Updater1

Ivanti ≫ Connect Secure Version22.7 Updater1.1

Ivanti ≫ Connect Secure Version22.7 Updater1.2

Ivanti ≫ Connect Secure Version22.7 Updater1.3

Ivanti ≫ Connect Secure Version22.7 Updater1.4

Ivanti ≫ Connect Secure Version22.7 Updater1.5

Ivanti ≫ Connect Secure Version22.7 Updater2

Ivanti ≫ Connect Secure Version22.7 Updater2.1

Ivanti ≫ Connect Secure Version22.7 Updater2.2

Ivanti ≫ Connect Secure Version22.7 Updater2.3

Ivanti ≫ Connect Secure Version22.7 Updater2.4

Ivanti ≫ Connect Secure Version22.7 Updater2.5

Ivanti ≫ Neurons For Zero-trust Access Version-

Ivanti ≫ Neurons For Zero-trust Access Version22.2 Updater1

Ivanti ≫ Neurons For Zero-trust Access Version22.2 Updater4

Ivanti ≫ Neurons For Zero-trust Access Version22.2 Updater5

Ivanti ≫ Neurons For Zero-trust Access Version22.3 Updater1

Ivanti ≫ Neurons For Zero-trust Access Version22.3 Updater4

Ivanti ≫ Neurons For Zero-trust Access Version22.4 Updater1

Ivanti ≫ Neurons For Zero-trust Access Version22.4 Updater3

Ivanti ≫ Neurons For Zero-trust Access Version22.5 Updater1

Ivanti ≫ Neurons For Zero-trust Access Version22.5 Updater1.2

Ivanti ≫ Neurons For Zero-trust Access Version22.6 Updater1

Ivanti ≫ Neurons For Zero-trust Access Version22.6 Updater1.2

Ivanti ≫ Neurons For Zero-trust Access Version22.6 Updater1.3

Ivanti ≫ Neurons For Zero-trust Access Version22.6 Updater1.5

Ivanti ≫ Neurons For Zero-trust Access Version22.6 Updater1.6

Ivanti ≫ Neurons For Zero-trust Access Version22.6 Updater1.7

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater1

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater1.2

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater1.3

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater1.4

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater1.5

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater1.6

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater2

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater2.2

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater2.3

Ivanti ≫ Neurons For Zero-trust Access Version22.8 Updater1

Ivanti ≫ Neurons For Zero-trust Access Version22.8 Updater1.1

Ivanti ≫ Neurons For Zero-trust Access Version22.8 Updater2

Ivanti ≫ Policy Secure Update- Version < 22.7

Ivanti ≫ Policy Secure Version22.7 Update-

Ivanti ≫ Policy Secure Version22.7 Updater1

Ivanti ≫ Policy Secure Version22.7 Updater1.1

Ivanti ≫ Policy Secure Version22.7 Updater1.2

Ivanti ≫ Policy Secure Version22.7 Updater1.3

04.04.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Vulnerability

Ivanti Connect Secure, Policy Secure and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.

Description

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	71.7%	0.987

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3c1d8aa1-5a33-4ea4-8992-aadd6440af75	9	2.2	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.heise.de/news/Nur-als-Bug-klassifiziert-Kritische-Sicherheitsluecke-in-Ivanti-ICS-attackiert-10339954.html

Medienbericht

heise Security

https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-22457

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-22457

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-22457

EUVD