Stack-Based Buffer Overflow in Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2025-22457
Key Information:
- Vendor
Ivanti
- Vendor
- CVE Published:
- 3 April 2025
Badges
What is CVE-2025-22457?
CVE-2025-22457 is a serious security vulnerability affecting several Ivanti products, including Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. This vulnerability arises from a stack-based buffer overflow, which can be exploited by an unauthenticated remote attacker to execute arbitrary code on affected systems. Given the critical roles these products play in enabling secure remote access and managing cloud environments, the exploitation of this vulnerability poses significant risks to organizations using them, as it could lead to unauthorized access and compromise of sensitive data.
Technical Details
The vulnerability is characterized by a stack-based buffer overflow in specific versions of Ivanti products. The flaw exists in Ivanti Connect Secure prior to version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2. Attackers can exploit this vulnerability without authentication, meaning they do not need privileged access to the targeted systems. The nature of the vulnerability allows for the potential execution of remote code, making it particularly dangerous for networks utilizing these Ivanti solutions.
Potential Impact of CVE-2025-22457
-
Remote Code Execution: The primary and most immediate impact of this vulnerability is the potential for remote code execution. This allows attackers to execute malicious code on affected systems, leading to complete system control and the ability to carry out further attacks.
-
Data Breaches: Organizations could face severe data breaches as a result of this vulnerability. Unauthorized access gained through exploitation could lead to theft of sensitive information, customer data, or proprietary business intelligence.
-
Service Disruption: Exploitation of CVE-2025-22457 could result in significant service disruptions. Attackers could leverage the vulnerability to take down critical services, impacting business operations and leading to financial losses as well as reputational damage.
CISA has reported CVE-2025-22457
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-22457 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations as set forth in the CISA instructions linked below.
Affected Version(s)
Connect Secure 22.7R2.6
Neurons for ZTA gateways 22.8R2.2
Policy Secure 22.7R1.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Rapid7Metasploit Wrap-Up | Rapid7 Blog
Last updated at Thu, 22 May 2025 18:14:26 GMT This week's wrap-up includes many new modules, but notably, we've upgraded Metasploit loading. Thanks to bcoles, the bootup performance when searching for a...
1 week ago
CISA (.gov)CVE-2025-22457CISA Adds One Vulnerability to the KEV Catalog | CISA
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation
1 month ago
CybersecurityNewsCVE-2025-22457Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed
A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated RCE vulnerability impacting several Ivanti products.
References
EPSS Score
25% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 🦅
CISA Reported
- 💰
Used in Ransomware
- 👾
Exploit known to exist
- 📰
First article discovered by BleepingComputer
Vulnerability published
Vulnerability Reserved