← back
CVE-2025-22457

CVE-2025-22457

CVSS 9 CRITICALEPSS 100.0%● KEVCWE-121
In short

A flaw in Ivanti Connect Secure, Policy Secure, and ZTA Gateways allows remote attackers to crash the system or run malicious code without needing to log in, due to improper memory handling.

Technical detail

Stack-based buffer overflow in vulnerable Ivanti gateway versions (Connect Secure <22.7R2.6, Policy Secure <22.7R1.4, ZTA Gateways <22.8R2.2) exploitable by unauthenticated remote attackers over the network, resulting in arbitrary code execution via memory corruption.

Summary generated and translated by AI from the official description.
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Ivanti · Connect SecureIvanti · Neurons for ZTA gatewaysIvanti · Policy Secure
public PoCs found4
githubgithub.com/sfewer-r7/CVE-2025-2245773githubgithub.com/securekomodo/CVE-2025-2245718githubgithub.com/Vinylrider/ivantiunlocker2githubgithub.com/TRone-ux/CVE-2025-224571
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457