CVE-2025-22457

CRITICAL · 9.0 KEV EPSS 100.0%

No AI summary yet — the auto-summarizer runs every 10 minutes for top trending CVEs.

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

CVSS 3.1 breakdown

Exploitability 2.2 · Impact 6.0

vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack vector: Network
Complexity: High
Privileges required: None
User interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Affected versions

ivanti/connect_secure
- < 22.7
- 22.7
ivanti/policy_secure
- < 22.7
- 22.7
ivanti/zero_trust_access_gateway
- < 22.8
- 22.8

Weaknesses

Vendors

ivanti

Products

connect_secure
policy_secure
zero_trust_access_gateway

References

Third-party advisories · 1

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457