Unrated severity · CISA KEV · NVD Advisory · Published Apr 3, 2025 · Updated Feb 26, 2026
CVE-2025-22457
Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
Affected products (6)
<22.7R2.6 + 1 more
- (no CPE) range: <22.7R2.6
- (no CPE) range: 22.7R2.6
<22.7R1.4 + 1 more
- (no CPE) range: <22.7R1.4
- (no CPE) range: 22.7R1.4
- Range: <22.8R2.2
- Range: 22.8R2.2
Patches
Vulnerability mechanics
References (1)
News mentions (1)
- Risky Business #787 -- Trump fires NSA director, CISA cuts inbound · Risky Business · Apr 9, 2025