Ivanti Policy Secure vulnerabilities
78 known vulnerabilities affecting ivanti/policy_secure.
Total CVEs: 78
CISA KEV: 8 (actively exploited)
Public exploits: 8
Exploited in wild: 6
Severity breakdown: CRITICAL 8, HIGH 37, MEDIUM 31, LOW 2
Vulnerabilities
Page 2 of 4
CVE-2025-0293 | LOW | CVSS 2.7 | CWE-93 | fixed in 22.7 | v22.7 | 2025-07-08
CRLF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
Source: nvd
CVE-2025-22457 | CRITICAL | CVSS 9.8 | CWE-121 | KEV | PoC | fixed in 22.7 | v22.7 | 2025-04-03
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
Source: nvd
CVE-2024-38657 | MEDIUM | CVSS 4.9 | CWE-73 | fixed in 22.7 | v22.7 | +1 more | 2025-02-21
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.
Sources: cvelistv5, nvd
CVE-2024-10644 | HIGH | CVSS 7.2 | CWE-94 | fixed in 22.7 | v22.7 | 2025-02-11
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Source: nvd
CVE-2024-13842 | MEDIUM | CVSS 4.4 | CWE-321 | ≤ 22.7 | v22.7 | 2025-02-11
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
Source: nvd
CVE-2024-13830 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 22.7 | v22.7 | 2025-02-11
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
Source: nvd
CVE-2024-13843 | MEDIUM | CVSS 4.4 | CWE-312 | ≤ 22.7 | v22.7 | 2025-02-11
Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
Source: nvd
CVE-2024-12058 | MEDIUM | CVSS 4.9 | CWE-73 | fixed in 22.7 | v22.7 | 2025-02-11
External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.
Source: nvd
CVE-2025-0282 | CRITICAL | CVSS 9.0 | CWE-121 | KEV | PoC | v22.7 | ≥ 22.7R1, ≤ 22.7R1.2 | 2025-01-08
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Sources: cvelistv5, nvd
CVE-2025-0283 | HIGH | CVSS 7.0 | CWE-121 | fixed in 22.7 | v22.7 | +1 more | 2025-01-08
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
Sources: cvelistv5, nvd
CVE-2024-37401 | HIGH | CVSS 7.5 | CWE-125 | fixed in 22.7 | v22.7 | 2024-12-12
An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.
Source: nvd
CVE-2024-37377 | HIGH | CVSS 7.5 | CWE-787 | fixed in 22.7 | v22.7 | 2024-12-12
A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
Source: nvd
CVE-2024-11634 | HIGH | CVSS 7.2 | CWE-77 | fixed in 22.7 | v22.7 | 2024-12-10
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
Source: nvd
CVE-2024-38656 | CRITICAL | CVSS 9.1 | CWE-88 | fixed in 22.7 | v22.7 | +1 more | 2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Sources: cvelistv5, nvd
CVE-2024-39711 | CRITICAL | CVSS 9.1 | CWE-88 | fixed in 22.7 | v22.7 | +1 more | 2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Sources: cvelistv5, nvd
CVE-2024-39712 | CRITICAL | CVSS 9.1 | CWE-88 | fixed in 22.7 | v22.7 | +1 more | 2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Sources: cvelistv5, nvd
CVE-2024-39710 | CRITICAL | CVSS 9.1 | CWE-88 | fixed in 22.7 | v22.7 | +1 more | 2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Sources: cvelistv5, nvd
CVE-2024-38655 | HIGH | CVSS 7.2 | CWE-88 | fixed in 22.7 | v22.7 | +2 more | 2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Sources: cvelistv5, nvd
CVE-2024-39709 | HIGH | CVSS 7.8 | CWE-732 | fixed in 9.1 | ≥ 22.1, < 22.7 | +3 more | 2024-11-13
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.
Sources: cvelistv5, nvd
CVE-2024-8495 | HIGH | CVSS 7.5 | CWE-476 | fixed in 22.7 | v22.7 | 2024-11-12
A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
Source: nvd