What is the CVSS score of CVE-2025-22457?

CVE-2025-22457 has a CVSS 3.1 base score of 9.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 53.7%.

Which versions of Connect Secure are affected by CVE-2025-22457?

Organizations using Ivanti Connect Secure face critical risk from CVE-2025-22457, a stack-based buffer overflow vulnerability rated CVSS 9.0.

Is there a public PoC exploit available for CVE-2025-22457?

Yes, a public proof-of-concept exploit is available for CVE-2025-22457. Prioritise patching immediately. EPSS: 53.7%.

How to fix or mitigate CVE-2025-22457?

Within 24 hours: Identify all affected systems running Ivanti Connect Secure and apply vendor patches immediately. If patching is delayed, consider network segmentation to limit exposure.

Connect Secure CVE-2025-22457

CRITICAL

Stack-based Buffer Overflow (CWE-121)

2025-04-03 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

RCE Buffer Overflow Stack Overflow Ivanti Connect Secure Policy Secure Zero Trust Access Gateway

9.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:34 vuln.today

Added to CISA KEV

Oct 24, 2025 - 14:29 cisa

CISA KEV

PoC Detected

Oct 24, 2025 - 14:29 vuln.today

Public exploit code

CVE Published

Apr 03, 2025 - 16:15 nvd

CRITICAL 9.0

DescriptionNVD

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

AnalysisAI

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated remote code execution, the third major Ivanti VPN zero-day within fifteen months, exploited by UNC5221.

Technical ContextAI

The CWE-121 stack overflow allows memory corruption through crafted requests. Mandiant attributed initial exploitation to UNC5221 with deployment of the TRAILBLAZE dropper and BRUSHFIRE backdoor.

RemediationAI

Apply patches. Strongly consider migrating to alternative VPN solutions. Factory reset before patching. Run Ivanti Integrity Checker.

More from same product – last 7 days

CVE-2026-8992 HIGH This Week

8.8 May 22

Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run ar

CVE-2025-22457 vulnerability details – vuln.today

Back

Connect Secure CVE-2025-22457

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code