Remote Code Execution Vulnerability in Ivanti Connect Secure
CVE-2025-22467

8.8 HIGH

Key Information:

Vendor: Ivanti
CVE Published: 11 February 2025

Badges

📈 Score: 965 | 💰 Ransomware | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-22467?

CVE-2025-22467 is a serious vulnerability in Ivanti Connect Secure, a product that provides users with secure remote access to applications and networks. It is a stack-based buffer overflow affecting versions prior to 22.7R2.6. If exploited, it could enable a remote authenticated attacker to execute arbitrary code on the system, posing a substantial risk to the confidentiality, integrity, and availability of organizational data and resources.

Technical Details

The vulnerability is categorized as a stack-based buffer overflow, which occurs when a program writes more data into a buffer on the stack than the buffer can hold. The excess data corrupts adjacent memory locations, which can allow an attacker to manipulate the execution flow of the application. In the case of Ivanti Connect Secure, an authenticated user can leverage this flaw to introduce malicious code, potentially gaining full control over the affected system.

Potential Impact of CVE-2025-22467

  1. Remote Code Execution: The primary risk associated with CVE-2025-22467 is the potential for remote code execution. This allows attackers to execute arbitrary commands or scripts on the vulnerable system, which could lead to severe security breaches.

  2. Compromise of Sensitive Data: Exploitation of this vulnerability could result in unauthorized access to sensitive information stored on the system, leading to data leakage or theft of confidential organizational data.

  3. Widespread Network Compromise: Since Ivanti Connect Secure is often deployed to enable remote access across corporate networks, an attacker gaining control can move laterally within the network, escalating their privileges and compromising additional systems, thereby amplifying the impact of the breach.

Affected Version(s)

Connect Secure 22.7R2.6

News Articles

2850+ Ivanti Connect Secure Devices Vulnerable to Remote Code Execution Attacks

A critical vulnerability, CVE-2025-22467, in Ivanti Connect Secure (ICS) devices has left approximately 2,850 instances worldwide unpatched.

2,850+ Ivanti Connect Secure Devices Exposed to Potential Cyberattacks

2,850+ unpatched Ivanti Connect Secure devices worldwide, leaving organizations vulnerable to exploitation through the critical flaw designated CVE-2025-22467.

Ivanti fixes 4 critical flaws, including CVSS 9.9 in Connect Secure

The flaws could enable remote code execution or arbitrary file writing and should be patched immediately.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved