cve-2025-22457
Vulnerability from cvelistv5
Published
2025-04-03 15:20
Modified
2025-07-30 01:36
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
References
3c1d8aa1-5a33-4ea4-8992-aadd6440af75https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457Vendor Advisory
Impacted products
IvantiConnect Secure
IvantiPolicy Secure
IvantiNeurons for ZTA gateways
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22457",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T03:55:18.340082Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-04-04",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:36:15.776Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2025-04-04T00:00:00+00:00",
            "value": "CVE-2025-22457 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Connect Secure",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "22.7R2.6",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Policy Secure",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "22.7R1.4",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Neurons for ZTA gateways",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "22.8R2.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.\u003c/span\u003e"
            }
          ],
          "value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-03T15:20:23.628Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2025-22457",
    "datePublished": "2025-04-03T15:20:23.628Z",
    "dateReserved": "2025-01-07T02:19:22.796Z",
    "dateUpdated": "2025-07-30T01:36:15.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-22457\",\"sourceIdentifier\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"published\":\"2025-04-03T16:15:35.370\",\"lastModified\":\"2025-05-03T01:00:02.097\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer basado en pila en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.6, Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.4 e Ivanti ZTA Gateways anterior a la versi\u00f3n 22.8R2.2 permite que un atacante remoto no autenticado logre la ejecuci\u00f3n remota de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-04-04\",\"cisaActionDue\":\"2025-04-11\",\"cisaRequiredAction\":\"Apply mitigations as set forth in the CISA instructions linked below.\",\"cisaVulnerabilityName\":\"Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability\",\"weaknesses\":[{\"source\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:*:-:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.7\",\"matchCriteriaId\":\"A0EC2FCD-5402-4269-B86A-18F8DFB8F2C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2927A40D-E8A3-4DB6-9C93-04A6C6035C3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EAD1423-4477-4C35-BF93-697A2C0697C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"858353BC-12CB-4014-BFCA-DA7B1B3DD4B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"865F72BF-57B2-4B0C-BACE-3500E0AE6751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"39E11407-E0C0-454F-B731-7DA4CBC696EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"247E71F8-A03B-4097-B7BF-09F8BF3ED4D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0059C69-4A18-4153-9D9A-5C1B03AD1453\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC523C88-115E-4CD9-A8CB-AE6E6610F7D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3447428E-DBCD-4553-B51D-AC08ECAFD881\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A08BAF98-7F05-4596-8BFC-91F1A79D3BD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"40717D97-A062-49C4-B105-C22AAC3A206A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E4387B4-BC5C-41DE-92DA-84866A649AD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"24514B40-540E-45D7-90DC-BCC1D9D7E92C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD510E9-12DC-4942-BAA0-6405CBD905EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r5:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA11BB6D-36C7-438B-A5A7-71C3CB2E5EC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B01001B-FA11-4297-AB81-12A00B97C820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F28E6B1-44AB-4635-8939-5B0A44BED1E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E9D957B-49F9-492D-A66A-0D25BA27AD35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1AB497E-E403-4DEE-A83D-CB2E119E5E96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA6B3322-9AFB-44B5-B571-995AB606FD01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"47CB7C12-D642-4015-842C-37241F87DB86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"58E49DF1-F66A-4F52-87FA-A50DFD735ECB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A0393A-C1C6-4708-BC41-5A5B8FB765FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3358B0-4751-4DCD-8BFC-BB4C68505658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C9313A0-2F33-412B-A6F0-E51AE19E199B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.6:*:*:*:*:*:*\",\"matchCriteriaId\":\"2979603E-F5CF-4C53-9828-36795E1B6247\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.7:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D33C96-EE5C-41EB-8D9F-88ED025C191A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F0A44E1-3670-4AD5-A54D-FDA6C200AA73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5B4CE43-2D9B-4DF9-AC2A-F649622CD190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C9B3FF8-F613-404D-BC85-9DD6F2A6DB5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFC583B5-18F5-4943-8C68-6C601857CE5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E4DE5D9-C92B-4143-835F-2D16F0CC328F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.6:*:*:*:*:*:*\",\"matchCriteriaId\":\"F874F69E-C621-4C4B-802F-900E7BFAB71B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"67D43D1D-564D-4ACD-B0FF-3828B95E9864\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC8480E0-17C0-4590-950F-D3954E735365\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FAF4FB0-A88C-4A87-B6CB-32EF7B415885\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.8:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9779B197-1A14-4750-B8BC-9CA00F46D123\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.8:r1.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAFF5CD8-AB78-436B-AA16-8447706D0E86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.8:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ADB0039-5652-428A-96A4-66B29DFB0F9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:*:-:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.7\",\"matchCriteriaId\":\"48EFA63B-1322-45B0-B86D-87F24A2B4E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F22B988-2585-4853-9838-AB3746C8B888\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD9BE8C2-43EB-4870-A4B7-267CB17A19F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8915BB2-C1C0-4189-A847-DDB2EF161D62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D24A8DB-D697-4C60-935D-B08EE36861CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.7:r1.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C12D325-77E1-4873-8A77-D76F4A73BCF8\"}]}]}],\"references\":[{\"url\":\"https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457\",\"source\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.