
CVE-2025-22457

Severity: Critical
Vendor: Ivanti
SVRS: 93/100
CVSSv3: 9.8/10
EPSS: 0.10245/1

CVE-2025-22457: Critical buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways allows for remote code execution. This unauthenticated vulnerability allows attackers to execute arbitrary code.

CVE-2025-22457 is a high-severity stack-based buffer overflow affecting Ivanti products, specifically Connect Secure, Policy Secure, and ZTA Gateways, before specified versions. The SOCRadar Vulnerability Risk Score (SVRS) of 93 underscores the immediate threat, indicating that this is a critical vulnerability that needs urgent patching. Due to available exploits and its presence "In The Wild", attackers can leverage this flaw to gain control of affected systems without authentication. This can lead to significant data breaches, system compromise, and disruption of services. Affected organizations should patch immediately.

Tags: CISA KEV, In The Wild, Exploit Available
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Dates: 2025-04-03, 2025-05-03
SOCRadar AI Insight

Description

CVE-2025-22457 is a reserved CVE entry, meaning a vulnerability has been reported but details are not yet publicly available. The CVSS score is 0, and the SVRS score is also 0, reflecting the lack of information and associated risk at this time. Because this is a reserved CVE, no details about the affected software, the nature of the vulnerability, or potential impact are currently known.

Key Insights

  1. Lack of Information: The "Reserved CVE" status indicates that a vulnerability has been identified, but detailed information is being withheld, likely pending vendor confirmation, patch development, or coordinated disclosure.
  2. Uncertain Risk: The CVSS and SVRS scores of 0 reflect the absence of publicly available details. The actual severity could range from informational to critical once more information is released.
  3. Potential Future Threat: Even though no information is available yet, its reserved status indicates a future threat, calling for preparation and vigilance.

Mitigation Strategies

  1. Monitor Official Channels: Regularly check the National Vulnerability Database (NVD), the vendor's security advisories, and trusted cybersecurity news sources for updates on CVE-2025-22457.
  2. Prepare for Rapid Response: Have a process in place to quickly assess the impact of the vulnerability on your systems and applications once more information is released. This includes identifying potentially affected assets.
  3. Maintain Updated Inventory: Ensure a comprehensive inventory of all software and hardware assets is maintained. This is crucial for quickly determining if a newly disclosed vulnerability affects your organization.

Additional Information

Due to the reserved nature of CVE-2025-22457, there is no current information on Threat Actors/APT Groups, Exploit Status, CISA Warnings, or "In the Wild" exploitation.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

Type | Indicator | Date
URL | https://fhlipzero.io/blogs/6_noVNC/noVNC.html | 2025-04-08
URL | https://ponderthebits.com/2018/02/windows-rdp-related-event-logs-identification-tracking-and-investigation/ | 2025-04-08
URL | https://www.unicorn-engine.org/ | 2025-04-08
IP | 101.100.182.122 | 2025-04-08
IP | 150.107.31.194 | 2025-04-08
HASH | 0009f4b9972660eeb23ff3a9dccd8d86 | 2025-04-08
HASH | 0a4f321c903a7fbc59566918c12aca09 | 2025-04-08

Exploits

Title | Software Link | Date
Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | https://www.cisa.gov/search?g=CVE-2025-22457 | 2025-04-04
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | https://www.cisa.gov/search?g=CVE-2025-22457 | 2025-04-04
N4SL1/CVE-2025-22457-PoC | https://github.com/N4SL1/CVE-2025-22457-PoC | 2025-04-08
sfewer-r7/CVE-2025-22457 | https://github.com/sfewer-r7/CVE-2025-22457 | 2025-04-09
securekomodo/CVE-2025-22457 | https://github.com/securekomodo/CVE-2025-22457 | 2025-04-10

News

TeamT5 Warns of Global Risks Posed by Ivanti Vulnerability - ANTARA News
2025-05-02
TeamT5 Warns of Global Risks Posed by Ivanti Vulnerability - ANTARA News | News Content: May 2, 2025 12:20 GMT+700 Taipei, (ANTARA/PRNewswire)- Asia Pacific threat intelligence leading brand TeamT5 detected that the China-nexus APT group exploited the critical vulnerability in Ivanti Connect Secure VPN appliances to infiltrate multiple entities around the globe. The victims include nearly 20 different industries across 12 countries. TeamT5 believes that the actor still maintained control over the victim's network at the time of analysis. We urge enterprises and organizations to take a comprehensive investigation. Ivanti High-Risk Vulnerability Exposes Systems to Potential Takeover
Source: google.com

Flashpoint Weekly Vulnerability Insights and Prioritization Report
Flashpoint Intel Team, 2025-05-01
Flashpoint Weekly Vulnerability Insights and Prioritization Report | Anticipate, contextualize, and prioritize vulnerabilities to effectively address threats to your organization. The post Flashpoint Weekly Vulnerability Insights and Prioritization Report appeared first on Flashpoint.
Source: flashpoint-intel.com

Data Breaches Digest - Week 14 2025
Dunkie ([email protected]), 2025-05-01
Data Breaches Digest - Week 14 2025 | Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 31st March and 6th April 2025. 6th April
Source: dbdigest.com

Reducing Remediation Time Remains a Challenge: How Tenable Vulnerability Watch Can Help
Satnam Narang, 2025-04-26
Reducing Remediation Time Remains a Challenge: How Tenable Vulnerability Watch Can Help | Timely vulnerability remediation is an ongoing challenge for organizations as they struggle to prioritize the exposures that represent the greatest risk to their operations. Existing scoring systems are invaluable but can lack context. Here's how Tenable's Vulnerability Watch classification system can help. Background Over the past six years working in Tenable's research organization, I've watched known vulnerabilities and zero-day flaws plague organizations
Source: securityboulevard.com

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks - The Hacker News
2025-04-25
DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks - The Hacker News | News Content: Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024," JPCERT/CC researcher Yuma Masubuchi said in a report published Thursday. CVE-2025-0282 refers to a critical security flaw in ICS that could allow
Source: google.com

Hackers Exploited Ivanti Connect Secure 0-Day to Install DslogdRAT & Web Shell - CybersecurityNews
2025-04-24
Hackers Exploited Ivanti Connect Secure 0-Day to Install DslogdRAT & Web Shell - CybersecurityNews | News Content: Recent attacks against Japanese organizations have revealed sophisticated hackers exploiting a zero-day vulnerability in Ivanti Connect Secure VPN appliances. The attacks, occurring around December 2024, leveraged CVE-2025-0282 to deploy multiple malicious tools, including a custom malware called DslogdRAT and a specially crafted web shell. These tools allowed attackers to establish persistent access to compromised systems and execute arbitrary commands remotely. The threat actors demonstrated advanced capabilities by chaining the zero-day exploit with custom malware deployment techniques. After compromising the VPN appliances
Source: google.com

1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities
Guru Baran, 2025-04-24
1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities | A significant increase in suspicious scanning activity targeting Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems, signaling a potential coordinated reconnaissance effort by threat actors. The spike, registering more than 230 unique IP addresses probing ICS/IPS endpoints in a single day, represents a ninefold increase over the typical daily baseline of fewer […] The post 1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities appeared
Source: cybersecuritynews.com

Social Media

#Cybercriminals are exploiting outdated Ivanti Connect Secure systems with vulnerabilities such as #RCE and #CVE-2025-22457. Organizations must act quickly to avoid risks. Read more: https://t.co/03muYO7Fya
0
0
0
🚨#RCE on your VPN? It's real. #Ivanti has released a patch for #CVE-2025-22457 – a serious buffer overflow already exploited by Chinese APTs. Are you exposed? ☑️ Vulnerable versions ☑️ 190K+ exposed Connect Secure ☑️ Pulse CS still in use (unsupported!) ☑️ How to hunt & fix it https://t.co/h5HVCtiMJ2
0
1
0
securekomodo/CVE-2025-22457: CVE-2025-22457: Python Exploit POC Scanner to Detect Ivanti Connect Secure RCE https://t.co/1GsCqdn1SB
0
0
0
UNC5221’s Latest Exploit: Weaponizing CVE-2025-22457 in Ivanti Connect Secure https://t.co/JygyCKFYSh
0
0
0
Critical Vulnerability CVE-2025-22457 Exposes 5,000 Ivanti VPN Appliances ⚠️ https://t.co/XWYBdSNxuA Over 5,000 #Ivanti Connect Secure #VPN appliances remain vulnerable to CVE-2025-22457, a critical buffer overflow flaw exploited by Chinese hackers for remote code execution.
0
1
2
UNC5221 exploits CVE-2025-22457 in Ivanti Connect Secure, targeting global networks with custom malware. A critical threat to U.S. organizations and beyond. ⚠️💻 #CyberEspionage #Vulnerability #China link: https://t.co/TFJ0siCzQI https://t.co/9QQdsENn4F
0
0
1
Suspected China-Nexus Threat Actor Actively Exploiting Critical #Ivanti Connect Secure #Vulnerability (CVE-2025-22457) https://t.co/qyD97tEu57
0
0
1
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices. https://t.co/emrDD25GL9 https://t.co/PBPzcWoRBO
0
0
0
🚨 *Threat Alert:* Ivanti Connect Secure RCE Vulnerability (CVE-2025-22457) Exploited 📅 *Date:* 2025-04-11 📍 *Location:* Global (targeting edge network devices) 📌 *Attribution:* Suspected China-nexus hacking group (UNC5221), known for targeting edge devices and utilizing
0
0
0
Critical 0-day RCE vulnerability (CVE-2025-22457) in Ivanti products exploited by state-sponsored actors. Immediate patching required. #CyberSecurity #Ivanti #RCE #ZeroDay https://t.co/81ESQhsUrt
0
0
0

Affected Software

Configuration 1
Type | Vendor | Product
App | Ivanti | connect_secure
App | Ivanti | neurons_for_zero-trust_access
App | Ivanti | policy_secure

References

Reference | Link
3C1D8AA1-5A33-4EA4-8992-AADD6440AF75 | https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457

CWE Details

CWE ID | CWE Name | Description
CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer.
