CVE-2025-22457
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-22457. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1EPSS Score
v2025.03.14There is a 26.5% chance that this vulnerability will be exploited in the wild within the next 30 days.
Attack Vector Metrics
Impact Metrics
Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
Available Exploits
Ivanti Connect Secure - Stack-based Buffer Overflow
Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 contain a stack-based buffer overflow caused by improper input handling, allowing remote attackers to execute arbitrary code without authentication.
Related News
Just last month, CVE-2025-22457 (CVSS 9.8) affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways was recognized as a vector for ransomware. Now, two new CVEs have been added to the growing list of high-risk Ivanti vulnerabilities; CVE-2025-4427 and…
Researchers at Rapid7 published technical details and proof-of-concept exploit code for a critical zero-day vulnerability in Ivanti Connect The post Ivanti Zero-Day CVE-2025-22457 Exploit Details Released appeared first on Daily CyberSecurity.
A vulnerability has been identified in Ivanti Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Note: CVE-2025-22457 is being exploited in the wild. A remote, unauthenticated attacker co…
Affected Products
Affected Versions:
Affected Versions:
Affected Versions:
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild
Remediation Status
Due Date
Added to KEV
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Product
Ransomware Risk
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: April 3, 2025, Modified: April 3, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
Best VPNs for Multiple Devices The digital security landscape has reached a critical inflection point. **More than 50% of IoT devices currently have exploitable vulnerabilities**, while VPN-related security incidents have surged by 82.5% since 2020. With the average household now managing 25+ connected devices—from smartphones and laptops to smart TVs, …
Sofistikuota interneto ataka - pažeidžiamumai ICS įrenginiuose Saugumo tyrėjai aptiko naują kenkėjišką programą **MDifyLoader**, išnaudojančią CVE-2025-0282 ir CVE-2025-22457 spragas Ivanti Connect Secure įrenginiuose. JPCERT/CC ataskaita parodo, kad atakos vyko nuo gruodžio 2024 iki liepos. Skaitom: [https://thehackernews.com/2025/07/ivanti-zero-days-exploited-to-drop.html](https://thehackernews.com/2025/07/ivanti-zero-days-exploited-to-drop.html)