Stack-Based Buffer Overflow in Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2025-22457

9.8CRITICAL

Key Information:

Vendor: Ivanti
Status: Connect Secure; Policy Secure; Neurons For Zta Gateways
Vendor: CVE Published:; 3 April 2025

Badges

🥇 Trended No. 1📈 Trended📈 Score: 10,500💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 26%🦅 CISA Reported📰 News Worthy

What is CVE-2025-22457?

CVE-2025-22457 is a serious security vulnerability affecting several Ivanti products, including Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. This vulnerability arises from a stack-based buffer overflow, which can be exploited by an unauthenticated remote attacker to execute arbitrary code on affected systems. Given the critical roles these products play in enabling secure remote access and managing cloud environments, the exploitation of this vulnerability poses significant risks to organizations using them, as it could lead to unauthorized access and compromise of sensitive data.

Technical Details

The vulnerability is characterized by a stack-based buffer overflow in specific versions of Ivanti products. The flaw exists in Ivanti Connect Secure prior to version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2. Attackers can exploit this vulnerability without authentication, meaning they do not need privileged access to the targeted systems. The nature of the vulnerability allows for the potential execution of remote code, making it particularly dangerous for networks utilizing these Ivanti solutions.

Potential Impact of CVE-2025-22457

Remote Code Execution: The primary and most immediate impact of this vulnerability is the potential for remote code execution. This allows attackers to execute malicious code on affected systems, leading to complete system control and the ability to carry out further attacks.
Data Breaches: Organizations could face severe data breaches as a result of this vulnerability. Unauthorized access gained through exploitation could lead to theft of sensitive information, customer data, or proprietary business intelligence.
Service Disruption: Exploitation of CVE-2025-22457 could result in significant service disruptions. Attackers could leverage the vulnerability to take down critical services, impacting business operations and leading to financial losses as well as reputational damage.

CISA has reported CVE-2025-22457

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-22457 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations as set forth in the CISA instructions linked below.

Affected Version(s)

Connect Secure 22.7R2.6

Neurons for ZTA gateways 22.8R2.2

Policy Secure 22.7R1.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-22457
Created by sfewer-r7

ivantiunlocker
Created by Vinylrider

News Articles

Rapid7

CVE-2024-7399 CVE-2025-22457

Metasploit Wrap-Up | Rapid7 Blog

Last updated at Thu, 22 May 2025 18:14:26 GMT This week's wrap-up includes many new modules, but notably, we've upgraded Metasploit loading. Thanks to bcoles, the bootup performance when searching for a...