Remote Code Execution Vulnerability in Ivanti Connect Secure
CVE-2025-22467

9.9CRITICAL

Key Information:

Vendor: Ivanti
Status: Connect Secure
Vendor: CVE Published:; 11 February 2025

Summary

A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.6, which may allow an authenticated remote attacker to execute arbitrary code on the affected system. This flaw could potentially lead to unauthorized access or manipulation of sensitive data within the application, underlining the importance of timely updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Connect Secure 22.7R2.6

References

https://forums.ivanti.com/s/article/February-Security-Adv...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 7, 2025