CVE-2025-22457

CRITICAL
2025-04-03 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
9.0
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 18:34 vuln.today
Added to CISA KEV
Oct 24, 2025 - 14:29 cisa
CISA KEV
PoC Detected
Oct 24, 2025 - 14:29 vuln.today
Public exploit code
CVE Published
Apr 03, 2025 - 16:15 nvd
CRITICAL 9.0

Tags

Ivanti Buffer Overflow RCE Stack Overflow Connect Secure Policy Secure Zero Trust Access Gateway

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

Analysis

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated remote code execution, the third major Ivanti VPN zero-day within fifteen months, exploited by UNC5221.

Technical Context

The CWE-121 stack overflow allows memory corruption through crafted requests. Mandiant attributed initial exploitation to UNC5221 with deployment of the TRAILBLAZE dropper and BRUSHFIRE backdoor.

Affected Products

['Ivanti Connect Secure before 22.7R2.6', 'Ivanti Policy Secure before 22.7R1.4', 'Ivanti ZTA Gateways before 22.8R2.2']

Remediation

Apply patches. Strongly consider migrating to alternative VPN solutions. Factory reset before patching. Run Ivanti Integrity Checker.

Priority Score

169
Low Medium High Critical
KEV: +50
EPSS: +53.7
CVSS: +45
POC: +20

Share

CVE-2025-22457 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy