cvelistv5 - cve-2025-22457

CVE-2025-22457 (GCVE-0-2025-22457)

Vulnerability from cvelistv5

Published

2025-04-03 15:20

Modified

2025-10-21 22:55

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Summary

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

References

URL

Tags

	3c1d8aa1-5a33-4ea4-8992-aadd6440af75	https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457	Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457	US Government Resource

Impacted products

Vendor

Product

Version

Ivanti

Connect Secure

Patch: 22.7R2.6

	Ivanti	Policy Secure	Patch: 22.7R1.4
	Ivanti	Neurons for ZTA gateways	Patch: 22.8R2.2

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2025-04-04

Due date: 2025-04-11

Required action: Apply mitigations as set forth in the CISA instructions linked below.

Used in ransomware: Known

Notes: CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22457

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22457",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T03:55:18.340082Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-04-04",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:21.943Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-04-04T00:00:00+00:00",
            "value": "CVE-2025-22457 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Connect Secure",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "22.7R2.6",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Policy Secure",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "22.7R1.4",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Neurons for ZTA gateways",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "22.8R2.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.\u003c/span\u003e"
            }
          ],
          "value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-03T15:20:23.628Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2025-22457",
    "datePublished": "2025-04-03T15:20:23.628Z",
    "dateReserved": "2025-01-07T02:19:22.796Z",
    "dateUpdated": "2025-10-21T22:55:21.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-22457",
      "cwes": "[\"CWE-121\"]",
      "dateAdded": "2025-04-04",
      "dueDate": "2025-04-11",
      "knownRansomwareCampaignUse": "Known",
      "notes": "CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22457",
      "product": "Connect Secure, Policy Secure, and ZTA Gateways",
      "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below.",
      "shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ",
      "vendorProject": "Ivanti",
      "vulnerabilityName": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-22457\",\"sourceIdentifier\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"published\":\"2025-04-03T16:15:35.370\",\"lastModified\":\"2025-10-24T14:29:56.140\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer basado en pila en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.6, Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.4 e Ivanti ZTA Gateways anterior a la versi\u00f3n 22.8R2.2 permite que un atacante remoto no autenticado logre la ejecuci\u00f3n remota de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-04-04\",\"cisaActionDue\":\"2025-04-11\",\"cisaRequiredAction\":\"Apply mitigations as set forth in the CISA instructions linked below.\",\"cisaVulnerabilityName\":\"Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability\",\"weaknesses\":[{\"source\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:*:-:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.7\",\"matchCriteriaId\":\"A0EC2FCD-5402-4269-B86A-18F8DFB8F2C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2927A40D-E8A3-4DB6-9C93-04A6C6035C3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EAD1423-4477-4C35-BF93-697A2C0697C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"858353BC-12CB-4014-BFCA-DA7B1B3DD4B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"865F72BF-57B2-4B0C-BACE-3500E0AE6751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"39E11407-E0C0-454F-B731-7DA4CBC696EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"247E71F8-A03B-4097-B7BF-09F8BF3ED4D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0059C69-4A18-4153-9D9A-5C1B03AD1453\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC523C88-115E-4CD9-A8CB-AE6E6610F7D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3447428E-DBCD-4553-B51D-AC08ECAFD881\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A08BAF98-7F05-4596-8BFC-91F1A79D3BD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.7:r2.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"40717D97-A062-49C4-B105-C22AAC3A206A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:*:-:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.7\",\"matchCriteriaId\":\"48EFA63B-1322-45B0-B86D-87F24A2B4E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F22B988-2585-4853-9838-AB3746C8B888\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD9BE8C2-43EB-4870-A4B7-267CB17A19F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8915BB2-C1C0-4189-A847-DDB2EF161D62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D24A8DB-D697-4C60-935D-B08EE36861CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.7:r1.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C12D325-77E1-4873-8A77-D76F4A73BCF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:zero_trust_access_gateway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.8\",\"matchCriteriaId\":\"B2E32E9D-45B1-4007-A385-799230ABDF09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:zero_trust_access_gateway:22.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6B98C14-B9B8-4E0F-9494-099FCC6DF6B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:zero_trust_access_gateway:22.8:r2.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CAA280F-D6C6-441D-973D-0DA2DE1AB320\"}]}]}],\"references\":[{\"url\":\"https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457\",\"source\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22457\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-24T03:55:18.340082Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-04-04\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-04T00:00:00+00:00\", \"value\": \"CVE-2025-22457 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-03T15:41:58.801Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-100\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-100 Overflow Buffers\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Ivanti\", \"product\": \"Connect Secure\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"22.7R2.6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Ivanti\", \"product\": \"Policy Secure\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"22.7R1.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Ivanti\", \"product\": \"Neurons for ZTA gateways\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"22.8R2.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121 Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\", \"shortName\": \"ivanti\", \"dateUpdated\": \"2025-04-03T15:20:23.628Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-22457\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T22:55:21.943Z\", \"dateReserved\": \"2025-01-07T02:19:22.796Z\", \"assignerOrgId\": \"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\", \"datePublished\": \"2025-04-03T15:20:23.628Z\", \"assignerShortName\": \"ivanti\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-jjr5-fpcg-gc53

Vulnerability from github

Published

2025-04-03 18:30

Modified

2025-10-22 00:33

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-22457"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-03T16:15:35Z",
    "severity": "CRITICAL"
  },
  "details": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.",
  "id": "GHSA-jjr5-fpcg-gc53",
  "modified": "2025-10-22T00:33:16Z",
  "published": "2025-04-03T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22457"
    },
    {
      "type": "WEB",
      "url": "https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ncsc-2025-0105

Vulnerability from csaf_ncscnl

Published

2025-04-03 14:19

Modified

2025-04-03 14:19

Summary

Kwetsbaarheid verholpen in Ivanti Connect Secure, Policy Secure en ZTA Gateways

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Ivanti heeft een kwetsbaarheid verholpen in Connect Secure, Policy Secure en ZTA Gateways.

Interpretaties

Een kwaadwillende kan de kwetsbaarheid misbruiken om willekeurige code uit te voeren op het kwetsbare systeem zonder voorafgaande authenticatie. Ivanti meldt informatie te hebben dat de kwetsbaarheid beperkt is misbruikt op Connect Secure en Pulse Connect Secure systemen. Pulse Connect Secure is sinds 31 december 2024 End-of-Life en End-of-Support. Er zijn echter nog veel van deze End-of-Life systemen actief in gebruik en vindbaar op Internet. Dit is voor het NCSC de reden om dit beveiligingsadvies in te schalen als **HIGH/HIGH**. Ivanti meldt dat er voor zover bekend geen misbruik heeft plaatsgevonden op Policy Secure en ZTA Gateway systemen, omdat deze systemen niet zichtbaar zijn vanaf internet, of aanvullende maatregelen hebben die de kans op misbruik zeer klein maakt.

Oplossingen

Pulse Connect Secure appliances 9.1x krijgen **geen** updates, omdat deze productlijn **End-of-Life** en **End-of-Support** is. Het NCSC adviseert om deze systemen niet meer te gebruiken, uit te schakelen en te vervangen door ondersteunde systemen. Neem hiervoor contact op met de leverancier. Ivanti heeft updates beschikbaar gesteld voor Connect Secure, door versie 22.7R2.6 uit te brengen. Deze update is 11 februari 2025 vrijgegeven. De kwetsbaarheid is daarin verholpen als reguliere bug. Het NCSC heeft hiervoor op 12 februari beveiligingsadvies NCSC-2025-0052 gepubliceerd. Organisaties die dit beveiligingsadvies hebben opgevolgd zijn daardoor niet (meer) kwetsbaar. Voor Policy Secure is een update in ontwikkeling. Deze wordt 21 april verwacht. Voor ZTA Gateway is een update in ontwikkeling. Deze wordt 19 april verwacht. Het risico van actief misbruik is voor de laatstgenoemde systemen sterk gereduceerd vanwege additionele maatregelen die reeds in deze producten zijn geïmplementeerd. Raadpleeg de informatie van Ivanti voor eventuele additionele handelingsperspectieven. Zie bijgevoegde referenties voor meer informatie.

Kans

high

Schade

high

CWE-121

Stack-based Buffer Overflow

CWE-319

Cleartext Transmission of Sensitive Information

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Ivanti heeft een kwetsbaarheid verholpen in Connect Secure, Policy Secure en ZTA Gateways.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheid misbruiken om willekeurige code uit te voeren op het kwetsbare systeem zonder voorafgaande authenticatie.\n\nIvanti meldt informatie te hebben dat de kwetsbaarheid beperkt is misbruikt op Connect Secure en Pulse Connect Secure systemen. Pulse Connect Secure is sinds 31 december 2024 End-of-Life en End-of-Support. Er zijn echter nog veel van deze End-of-Life systemen actief in gebruik en vindbaar op Internet. Dit is voor het NCSC de reden om dit beveiligingsadvies in te schalen als **HIGH/HIGH**.\n\nIvanti meldt dat er voor zover bekend geen misbruik heeft plaatsgevonden op Policy Secure en ZTA Gateway systemen, omdat deze systemen niet zichtbaar zijn vanaf internet, of aanvullende maatregelen hebben die de kans op misbruik zeer klein maakt.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Pulse Connect Secure appliances 9.1x krijgen **geen** updates, omdat deze productlijn **End-of-Life** en **End-of-Support** is. Het NCSC adviseert om deze systemen niet meer te gebruiken, uit te schakelen en te vervangen door ondersteunde systemen. Neem hiervoor contact op met de leverancier.\n\nIvanti heeft updates beschikbaar gesteld voor Connect Secure, door versie 22.7R2.6 uit te brengen. Deze update is 11 februari 2025 vrijgegeven. De kwetsbaarheid is daarin verholpen als reguliere bug. Het NCSC heeft hiervoor op 12 februari beveiligingsadvies NCSC-2025-0052 gepubliceerd. Organisaties die dit beveiligingsadvies hebben opgevolgd zijn daardoor niet (meer) kwetsbaar.\n\nVoor Policy Secure is een update in ontwikkeling. Deze wordt 21 april verwacht.\n\nVoor ZTA Gateway is een update in ontwikkeling. Deze wordt 19 april verwacht.\n\nHet risico van actief misbruik is voor de laatstgenoemde systemen sterk gereduceerd vanwege additionele maatregelen die reeds in deze producten zijn ge\u00efmplementeerd. Raadpleeg de informatie van Ivanti voor eventuele additionele handelingsperspectieven.\n\nZie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Cleartext Transmission of Sensitive Information",
        "title": "CWE-319"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0052"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US"
      }
    ],
    "title": "Kwetsbaarheid verholpen in Ivanti Connect Secure, Policy Secure en ZTA Gateways",
    "tracking": {
      "current_release_date": "2025-04-03T14:19:37.560619Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0105",
      "initial_release_date": "2025-04-03T14:19:37.560619Z",
      "revision_history": [
        {
          "date": "2025-04-03T14:19:37.560619Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-22457",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-22457",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-22457.json"
        }
      ],
      "title": "CVE-2025-22457"
    }
  ]
}

CERTFR-2025-ALE-003

Vulnerability from certfr_alerte

[Mise à jour du 11 avril 2025]

Le CERT-FR a connaissance d'une preuve de concept publique permettant de provoquer une exécution de code arbitraire à distance.

[Mise à jour du 04 avril 2025]

Le CERT-FR a connaissance d'une preuve de concept publique permettant de provoquer un arrêt du serveur Web.

[Publication initiale]

Une vulnérabilité critique de type débordement de pile a été découverte dans Pulse Connect Secure, Ivanti Connect Secure (ICS), Policy Secure (IPS) et Zero Trust Access (ZTA) Gateways. Cette vulnérabilité, d'identifiant CVE-2025-22457, permet à un attaquant non authentifié de provoquer une exécution de code arbitraire à distance.

Ivanti indique que cette vulnérabilité est activement exploitée [1].

La mise à jour corrective pour les ICS est disponible depuis le 11 février 2025. Dans son rapport [2], Mandiant indique avoir constaté des traces d'exploitation depuis la mi-mars 2025. Il peut cependant être utile d'effectuer une recherche de compromission même si les correctifs ont été préalablement installés.

À titre de précision, la vulnérabilité CVE-2025-22457 est distincte de la vulnérabilité CVE-2025-0282, qui affecte sensiblement les mêmes produits, et qui a fait l'objet de l'alerte CERTFR-2025-ALE-001.

Solutions

[Mise à jour du 04 avril 2025]

Les recommandations suivantes sont listées par ordre de priorité. * isoler totalement la machine concernée du réseau, vis-à-vis d'Internet comme du réseau interne, afin de limiter les risques de latéralisation ; * en cas d'utilisation d'une appliance virtuelle, réaliser un instantané du système de fichier et de la mémoire vive ; * si possible, éviter d'éteindre la machine afin de conserver les traces nécessaires aux investigations ; * mettre sous séquestre les journaux collectés ; * procéder à l’analyse des serveurs afin d’identifier une possible compromission à l’aide des indicateurs de compromission publiés par Mandiant [2] ; * l'éditeur recommande d'exécuter les versions externes de son script Integrity Check Tool (ICT) ; * en cas de compromission : * signaler l’événement auprès du CERT-FR en mettant en copie vos éventuels CSIRTs métier et consulter les bons réflexes en cas d'intrusion sur votre système d'information [3] ; * effectuer une remise à la configuration de sortie d'usine (Factory Reset) [4] ; * le CERT-FR rappelle que certaines menaces peuvent persister à une réinitialisation, ce dont l'utilisation dans les contextes sensibles doit tenir compte ; * procéder à une montée de version du micrologiciel (firmware) si le correctif est disponible ; * considérer les secrets stockés sur l'équipement, ou y ayant transité en clair, comme compromis. Les actions suivantes sont dès lors nécessaires : * réinitialiser les secrets liés au LDAP ou à l'Active Directory, si configuré. * le CERT-FR a connaissance de latéralisation utilisant ces secrets. * révoquer et réémettre tous les certificats présents sur les équipements affectés : * certificats utilisés pour les machines et/ou pour l’authentification utilisateur (coté client et serveur) ; * certificats de signature de code et les certificats TLS pour l’interface exposée. * réinitialiser le mot de passe d'administration ; * réinitialiser les clés d’API stockées sur l’équipement ; * réinitialiser les mots de passe de tout compte local défini sur la passerelle, y compris les comptes de service utilisés dans la configuration liée aux serveurs d’authentification ; * révoquer l'ensemble des moyens d'authentification (tickets Kerberos...) des comptes de services utilisés. * réinitialiser les authentifications des serveurs de licence. * Une fois la machine isolée et les collectes réalisées, conduire une recherche de latéralisation sur votre système d'information depuis l'équipement compromis, notamment : * en recherchant les indicateurs de compromission décrits plus bas dans cette alerte ; * en cherchant les connexions ou tentatives de connexion vers Internet depuis l'équipement ; * puis en cherchant ces adresses IP de destination pour vérifier si d’autres machines ont tenté une connexion. * En cas d'absence de compromission : * procéder à une montée de version du micrologiciel (firmware) si le correctif est disponible ; * si aucune mise à jour correctrice n'est disponible, l'équipement est à risque de compromission; contactez le service d'assistance Ivanti et, dans la mesure du possible, déconnectez l'équipement d'Internet. * surveiller l'activité des comptes et des services liés à l'équipement, notamment le compte de service LDAP ou Active Directory, si celui a été configuré.

L'éditeur indique que les correctifs seront disponibles le 19 avril 2025 pour Zero Trust Access Gateways et le 21 avril 2025 pour Ivanti Policy Secure. L'éditeur indique que les Pulse Connect Secure en versions 9.1x sont en fin de vie depuis le 31 décembre 2024. Les utilisateurs peuvent contacter Ivanti pour migrer vers une version à jour.

Impacted products

Vendor	Product	Description
Ivanti	Pulse Connect Secure	Pulse Connect Secure versions antérieures à 22.7R2.6
Ivanti	Zero Trust Access gateways	Zero Trust Access Gateways versions antérieures à 22.8R2.2
Ivanti	Policy Secure (IPS)	Ivanti Policy Secure (IPS) versions antérieures à 22.7R1.4
Ivanti	Connect Secure (ICS)	Ivanti Connect Secure (ICS) versions antérieures à 22.7R2.6

References

Title

Publication Time

Tags

Avis CERT-FR CERTFR-2025-AVI-0273 du 3 avril 2025	-	other
[1] Bulletin de sécurité Ivanti April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 du 03 avril 2025	-	other
[2] Rapport Mandiant du 3 avril 2025	-	other
Avis CERT-FR CERTFR-2025-AVI-0121 du 12 février 2025	-	other
[4] Bulletin technique Ivanti relatif à la réinitialisation de l'équipement	-	other
[3] Les bons réflexes en cas d’intrusion sur un système d’information	-	other
Bulletin de sécurité Ivanti du 11 février 2025	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pulse Connect Secure versions ant\u00e9rieures \u00e0 22.7R2.6",
      "product": {
        "name": "Pulse Connect Secure",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    },
    {
      "description": "Zero Trust Access Gateways versions ant\u00e9rieures \u00e0 22.8R2.2",
      "product": {
        "name": "Zero Trust Access gateways",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    },
    {
      "description": "Ivanti Policy Secure (IPS) versions ant\u00e9rieures \u00e0 22.7R1.4",
      "product": {
        "name": "Policy Secure (IPS)",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    },
    {
      "description": "Ivanti Connect Secure (ICS) versions ant\u00e9rieures \u00e0 22.7R2.6",
      "product": {
        "name": "Connect Secure (ICS)",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les correctifs seront disponibles le 19 avril 2025 pour Zero Trust Access Gateways et le 21 avril 2025 pour Ivanti Policy Secure.\nL\u0027\u00e9diteur indique que les Pulse Connect Secure en versions 9.1x sont en fin de vie depuis le 31 d\u00e9cembre 2024. Les utilisateurs peuvent contacter Ivanti pour migrer vers une version \u00e0 jour.",
  "closed_at": "2025-06-24",
  "content": "## Solutions\n\n**[Mise \u00e0 jour du 04 avril 2025]**\n\nLes recommandations suivantes sont list\u00e9es par ordre de priorit\u00e9.\n* isoler totalement la machine concern\u00e9e du r\u00e9seau, vis-\u00e0-vis d\u0027Internet comme du r\u00e9seau interne, afin de limiter les risques de lat\u00e9ralisation ;\n* en cas d\u0027utilisation d\u0027une appliance virtuelle, r\u00e9aliser un instantan\u00e9 du syst\u00e8me de fichier et de la m\u00e9moire vive ;\n* si possible, \u00e9viter d\u0027\u00e9teindre la machine afin de conserver les traces n\u00e9cessaires aux investigations ;\n* mettre sous s\u00e9questre les journaux collect\u00e9s ;\n* proc\u00e9der \u00e0 l\u2019analyse des serveurs afin d\u2019identifier une possible compromission \u00e0 l\u2019aide des indicateurs de compromission publi\u00e9s par Mandiant [2] ;\n* l\u0027\u00e9diteur recommande d\u0027ex\u00e9cuter les versions externes de son script Integrity Check Tool (ICT) ;\n* en cas de compromission :\n    * signaler l\u2019\u00e9v\u00e9nement aupr\u00e8s du CERT-FR en mettant en copie vos \u00e9ventuels CSIRTs m\u00e9tier et consulter les bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me d\u0027information [3] ;\n    * effectuer une remise \u00e0 la configuration de sortie d\u0027usine (*Factory Reset*) [4] ;\n        * le CERT-FR rappelle que certaines menaces peuvent persister \u00e0 une r\u00e9initialisation, ce dont l\u0027utilisation dans les contextes sensibles doit tenir compte ;\n    * proc\u00e9der \u00e0 une mont\u00e9e de version du micrologiciel (*firmware*) si le correctif est disponible ;\n    * consid\u00e9rer les secrets stock\u00e9s sur l\u0027\u00e9quipement, ou y ayant transit\u00e9 en clair, comme compromis. Les actions suivantes sont d\u00e8s lors n\u00e9cessaires :\n        * r\u00e9initialiser les secrets li\u00e9s au LDAP ou \u00e0 l\u0027Active Directory, si configur\u00e9.\n            * le CERT-FR a connaissance de lat\u00e9ralisation utilisant ces secrets.\n        * r\u00e9voquer et r\u00e9\u00e9mettre tous les certificats pr\u00e9sents sur les \u00e9quipements affect\u00e9s :\n            * certificats utilis\u00e9s pour les machines et/ou pour l\u2019authentification utilisateur (cot\u00e9 client et serveur) ;\n            * certificats de signature de code et les certificats TLS pour l\u2019interface expos\u00e9e.\n        * r\u00e9initialiser le mot de passe d\u0027administration ;\n        * r\u00e9initialiser les cl\u00e9s d\u2019API stock\u00e9es sur l\u2019\u00e9quipement ;\n        * r\u00e9initialiser les mots de passe de tout compte local d\u00e9fini sur la passerelle, y compris les comptes de service utilis\u00e9s dans la configuration li\u00e9e aux serveurs d\u2019authentification ;\n        * r\u00e9voquer l\u0027ensemble des moyens d\u0027authentification (tickets Kerberos...) des comptes de services utilis\u00e9s.\n        * r\u00e9initialiser les authentifications des serveurs de licence.\n    * Une fois la machine isol\u00e9e et les collectes r\u00e9alis\u00e9es, conduire une recherche de lat\u00e9ralisation sur votre syst\u00e8me d\u0027information depuis l\u0027\u00e9quipement compromis, notamment :\n        * en recherchant les indicateurs de compromission d\u00e9crits plus bas dans cette alerte ;\n        * en cherchant les connexions ou tentatives de connexion vers Internet depuis l\u0027\u00e9quipement ;\n        * puis en cherchant ces adresses IP de destination pour v\u00e9rifier si d\u2019autres machines ont tent\u00e9 une connexion.\n* En cas d\u0027absence de compromission :\n    * proc\u00e9der \u00e0 une mont\u00e9e de version du micrologiciel (*firmware*) si le correctif est disponible ;\n    * si aucune mise \u00e0 jour correctrice n\u0027est disponible, l\u0027\u00e9quipement est \u00e0 risque de compromission; contactez le service d\u0027assistance Ivanti et, dans la mesure du possible, d\u00e9connectez l\u0027\u00e9quipement d\u0027Internet.\n    * surveiller l\u0027activit\u00e9 des comptes et des services li\u00e9s \u00e0 l\u0027\u00e9quipement, notamment le compte de service LDAP ou Active Directory, si celui a \u00e9t\u00e9 configur\u00e9.",
  "cves": [
    {
      "name": "CVE-2025-22457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22457"
    }
  ],
  "initial_release_date": "2025-04-04T00:00:00",
  "last_revision_date": "2025-06-24T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0273 du 3 avril 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0273/"
    },
    {
      "title": "[1] Bulletin de s\u00e9curit\u00e9 Ivanti April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 du 03 avril 2025",
      "url": "https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457"
    },
    {
      "title": "[2] Rapport Mandiant du 3 avril 2025",
      "url": "https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability?hl=en"
    },
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0121 du 12 f\u00e9vrier 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0121/"
    },
    {
      "title": "[4] Bulletin technique Ivanti relatif \u00e0 la r\u00e9initialisation de l\u0027\u00e9quipement",
      "url": "https://forums.ivanti.com/s/article/KB22964?language=en_US"
    },
    {
      "title": "[3] Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti du 11 f\u00e9vrier 2025",
      "url": "https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US"
    }
  ],
  "reference": "CERTFR-2025-ALE-003",
  "revisions": [
    {
      "description": "Ajout des recommandations",
      "revision_date": "2025-04-04T00:00:00.000000"
    },
    {
      "description": " Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante. ",
      "revision_date": "2025-06-24T00:00:00.000000"
    },
    {
      "description": "Version initiale",
      "revision_date": "2025-04-03T00:00:00.000000"
    },
    {
      "description": "Ajout de la connaissance d\u0027un POC",
      "revision_date": "2025-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cspan class=\"important-content\"\u003e**\\[Mise \u00e0 jour du 11 avril 2025\\]** \u003c/span\u003e\n\nLe CERT-FR a connaissance d\u0027une preuve de concept publique permettant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n\n**[Mise \u00e0 jour du 04 avril 2025]** \n\nLe CERT-FR a connaissance d\u0027une preuve de concept publique permettant de provoquer un arr\u00eat du serveur Web.\n\n**[Publication initiale]**\n\nUne vuln\u00e9rabilit\u00e9 critique de type d\u00e9bordement de pile a \u00e9t\u00e9 d\u00e9couverte dans Pulse Connect Secure, Ivanti Connect Secure (ICS), Policy Secure (IPS) et Zero Trust Access (ZTA) Gateways. Cette vuln\u00e9rabilit\u00e9, d\u0027identifiant CVE-2025-22457, permet \u00e0 un attaquant non authentifi\u00e9 de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n\nIvanti indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e [1].\n\nLa mise \u00e0 jour corrective pour les ICS est disponible depuis le 11 f\u00e9vrier 2025. Dans son rapport [2], Mandiant indique avoir constat\u00e9 des traces d\u0027exploitation depuis la mi-mars 2025. Il peut cependant \u00eatre utile d\u0027effectuer une recherche de compromission m\u00eame si les correctifs ont \u00e9t\u00e9 pr\u00e9alablement install\u00e9s.\n\n\u00c0 titre de pr\u00e9cision, la vuln\u00e9rabilit\u00e9 CVE-2025-22457 est distincte de la vuln\u00e9rabilit\u00e9 CVE-2025-0282, qui affecte sensiblement les m\u00eames produits, et qui a fait l\u0027objet de l\u0027alerte [CERTFR-2025-ALE-001](https://www.cert.ssi.gouv.fr/alerte/CERTFR-2025-ALE-001/).\n",
  "title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans les produits Ivanti",
  "vendor_advisories": []
}

fkie_cve-2025-22457

Vulnerability from fkie_nvd

Published

2025-04-03 16:15

Modified

2025-10-24 14:29

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	3c1d8aa1-5a33-4ea4-8992-aadd6440af75	https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457	Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457	US Government Resource

Impacted products

Vendor	Product	Version
ivanti	connect_secure	*
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	policy_secure	*
ivanti	policy_secure	22.7
ivanti	policy_secure	22.7
ivanti	policy_secure	22.7
ivanti	policy_secure	22.7
ivanti	policy_secure	22.7
ivanti	zero_trust_access_gateway	*
ivanti	zero_trust_access_gateway	22.8
ivanti	zero_trust_access_gateway	22.8

JSON

To clipboard

{
  "cisaActionDue": "2025-04-11",
  "cisaExploitAdd": "2025-04-04",
  "cisaRequiredAction": "Apply mitigations as set forth in the CISA instructions linked below.",
  "cisaVulnerabilityName": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "A0EC2FCD-5402-4269-B86A-18F8DFB8F2C9",
              "versionEndExcluding": "22.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*",
              "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*",
              "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*",
              "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*",
              "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*",
              "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*",
              "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*",
              "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*",
              "matchCriteriaId": "3447428E-DBCD-4553-B51D-AC08ECAFD881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
              "matchCriteriaId": "A08BAF98-7F05-4596-8BFC-91F1A79D3BD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.5:*:*:*:*:*:*",
              "matchCriteriaId": "40717D97-A062-49C4-B105-C22AAC3A206A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:*:-:*:*:*:*:*:*",
              "matchCriteriaId": "48EFA63B-1322-45B0-B86D-87F24A2B4E8A",
              "versionEndExcluding": "22.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*",
              "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*",
              "matchCriteriaId": "8D24A8DB-D697-4C60-935D-B08EE36861CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.3:*:*:*:*:*:*",
              "matchCriteriaId": "4C12D325-77E1-4873-8A77-D76F4A73BCF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:zero_trust_access_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2E32E9D-45B1-4007-A385-799230ABDF09",
              "versionEndExcluding": "22.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:zero_trust_access_gateway:22.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "A6B98C14-B9B8-4E0F-9494-099FCC6DF6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:zero_trust_access_gateway:22.8:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "9CAA280F-D6C6-441D-973D-0DA2DE1AB320",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer basado en pila en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.6, Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.4 e Ivanti ZTA Gateways anterior a la versi\u00f3n 22.8R2.2 permite que un atacante remoto no autenticado logre la ejecuci\u00f3n remota de c\u00f3digo."
    }
  ],
  "id": "CVE-2025-22457",
  "lastModified": "2025-10-24T14:29:56.140",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 6.0,
        "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-04-03T16:15:35.370",
  "references": [
    {
      "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457"
    }
  ],
  "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2025-AVI-0273

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans les produits Ivanti. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Ivanti indique que la vulnérabilité CVE-2025-22457 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Ivanti	Pulse Connect Secure	Pulse Connect Secure versions antérieures à 22.7R2.6
Ivanti	Zero Trust Access gateways	Zero Trust Access Gateways versions antérieures à 22.8R2.2
Ivanti	Policy Secure (IPS)	Ivanti Policy Secure (IPS) versions antérieures à 22.7R1.4
Ivanti	Connect Secure (ICS)	Ivanti Connect Secure (ICS) versions antérieures à 22.7R2.6 (correctif publié le 11 février 2025)

References

Title

Publication Time

Tags

Bulletin de sécurité Ivanti April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457	2025-04-03	vendor-advisory
Avis CERT-FR CERTFR-2025-AVI-0121 du 12 février 2025	-	other
Bulletin de sécurité Ivanti du 11 février 2025	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pulse Connect Secure versions ant\u00e9rieures \u00e0 22.7R2.6",
      "product": {
        "name": "Pulse Connect Secure",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    },
    {
      "description": "Zero Trust Access Gateways versions ant\u00e9rieures \u00e0 22.8R2.2",
      "product": {
        "name": "Zero Trust Access gateways",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    },
    {
      "description": "Ivanti Policy Secure (IPS) versions ant\u00e9rieures \u00e0 22.7R1.4",
      "product": {
        "name": "Policy Secure (IPS)",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    },
    {
      "description": "Ivanti Connect Secure (ICS) versions ant\u00e9rieures \u00e0 22.7R2.6 (correctif publi\u00e9 le 11 f\u00e9vrier 2025)",
      "product": {
        "name": "Connect Secure (ICS)",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les correctifs seront disponibles le 19 avril 2025 pour Zero Trust Access Gateways et le 21 avril 2025 pour Ivanti Policy Secure.\nL\u0027\u00e9diteur indique que les Pulse Connect Secure en versions 9.1x sont en fin de vie depuis le 31 d\u00e9cembre 2024. Les utilisateurs peuvent contacter Ivanti pour migrer vers une version \u00e0 jour.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-22457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22457"
    }
  ],
  "initial_release_date": "2025-04-03T00:00:00",
  "last_revision_date": "2025-04-03T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0121 du 12 f\u00e9vrier 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0121/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti du 11 f\u00e9vrier 2025",
      "url": "https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US"
    }
  ],
  "reference": "CERTFR-2025-AVI-0273",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Ivanti. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n\nIvanti indique que la vuln\u00e9rabilit\u00e9 CVE-2025-22457 est activement exploit\u00e9e.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Ivanti",
  "vendor_advisories": [
    {
      "published_at": "2025-04-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457",
      "url": "https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-22457 (GCVE-0-2025-22457)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

ghsa-jjr5-fpcg-gc53

Vulnerability from github

ncsc-2025-0105

Vulnerability from csaf_ncscnl

CERTFR-2025-ALE-003

Vulnerability from certfr_alerte

Solutions

fkie_cve-2025-22457

Vulnerability from fkie_nvd

CERTFR-2025-AVI-0273

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature