CVE-2025-22467
Published: 2025-02-11
CVE-2025-22467: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
Priority: P263, high; CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.71% (88.4th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | <= 22.7 | — |
| ivanti | connect_secure | — | — |
Detection & IOCs (extracted from sources)
- CVE-2025-22467 is a stack-based buffer overflow (CWE-121) in Ivanti Connect Secure; target detection of authenticated remote exploitation attempts against ICS versions 22.7R2.5 and older
- CVE-2025-22467 requires only low-privilege authenticated access (not admin) to exploit for RCE; monitor for anomalous authenticated sessions from low-privilege accounts performing unusual operations on ICS appliances
- Pulse Connect Secure 9.x is also affected but will NOT receive patches; treat any 9.x deployment as permanently vulnerable and prioritize detection/isolation
- No active in-the-wild exploitation reported at time of disclosure; however, Ivanti recommends immediate patching given CVSS 9.9 critical severity
- Pulse Connect Secure 9.x reached End-of-Support December 31, 2024 and will not receive backported fixes for this vulnerability
- Ivanti has provided no mitigations; patching to ICS 22.7R2.6 is the only recommended remediation
Ivanti
Ivanti Security Advisory: CVE-2025-22467
vendor_ivanti·2025-02-11·CVSS 9.9
CVE IDs: CVE-2025-22467
CVSS Base Score: 9.9
Severity: CRITICAL
CWEs: CWE-121
GHSA
GHSA-gv9m-9fjq-vfqq: A stack-based buffer overflow in Ivanti Connect Secure before version 22
ghsa_unreviewed·2025-02-11
CVE-2025-22467 [CRITICAL] CWE-121
No detection rules found.
No public exploits indexed.
2025-02-11: Published