⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations as set forth in the CISA instructions linked below.. Due date: 2025-04-11.
CVE-2025-22457 — Stack-based Buffer Overflow in Ivanti Connect Secure
Severity
9.8CRITICALNVD
CNA9.0VulnCheck9.0
EPSS
53.7%
top 2.00%
CISA KEV
KEVRansomware
Added 2025-04-04
Due 2025-04-11
Exploit
PoC available
Public exploit / PoC exists
Timeline
PublishedApr 3
KEV addedApr 4
KEV dueApr 11
CISA Required Action: Apply mitigations as set forth in the CISA instructions linked below.
Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages3 packages
🔴Vulnerability Details
3💥Exploits & PoCs
2Metasploit▶
Ivanti Connect Secure Unauthenticated Remote Code Execution via Stack-based Buffer Overflow↗
Nuclei▶
Ivanti Connect Secure - Stack-based Buffer Overflow