CVERadar

CVE-2025-22457

Severity: Critical
SVRS: 91/100
CVSSv3: 9.0/10
EPSS: 0.09437/1

CVE-2025-22457 is a critical security vulnerability affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways, allowing remote code execution. This stack-based buffer overflow enables unauthenticated attackers to execute arbitrary code on vulnerable systems. Given the high SVRS score of 91, indicating a critical vulnerability, immediate patching is essential to mitigate potential exploitation.

CVE-2025-22457 presents a severe risk because active exploits are available, making it a prime target for malicious actors. The vulnerability, stemming from a buffer overflow (CWE-121), permits unauthorized access and control of affected Ivanti appliances. Its presence in the CISA KEV catalog further underscores its significance and the imperative for prompt remediation to prevent potential data breaches and system compromise. The high CVSS score of 9 reflects the potential for complete system takeover by unauthenticated remote actors.

CISA KEV, In The Wild, Exploit Available
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
2025-04-03

2025-04-08

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | https://www.cisa.gov/search?g=CVE-2025-22457 | 2025-04-04

News

U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini, 2025-04-07
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Tomcat path equivalence vulnerability, tracked as CVE-2025-22457, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2025-22457 is a stack-based buffer overflow […]
securityaffairs.co

⚡ Weekly Recap: VPN Exploits, Oracle’s Silent Breach, ClickFix Comeback and More
Ajit Jasrotia, 2025-04-07
Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but in job offers, hardware, and cloud services we rely on every day. Hackers don’t need sophisticated exploits anymore. Sometimes, your credentials and […] The post ⚡ Weekly Recap: VPN Exploits, Oracle’s Silent Breach, ClickFix Comeback and More
allhackernews.com

Data Breaches Digest - Week 15 2025
Dunkie, 2025-04-07
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 7th April and 13th April 2025. 7th April
dbdigest.com

CISA adds Ivanti Connect Secure vulnerability to KEV catalog - Cybersecurity Dive
2025-04-07
News Content: Dive Brief: CISA on Friday added CVE-2025-22457, a critical stack-based buffer-overflow flaw that affects several Ivanti products, to the agency's known exploited vulnerabilities catalog. Ivanti disclosed it on April 3 and warned the flaw has been exploited in the wild. The critical vulnerability affects Ivanti Connect Secure as well as Pulse Connect Secure, Ivanti Policy Secure and ZTA gateway products. Ivanti had previously misidentified the flaw as a product bug that could not be exploited remotely. Mandiant published research last week that
google.com

7th April – Threat Intelligence Report - Check Point Software
2025-04-07
News Content: For the latest discoveries in cyber research for the week of 7th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The second-largest bar association in the US, The State Bar of Texas, has experienced a ransomware attack that resulted in unauthorized access to its network, exposing sensitive member information including full names and legal case documents. The INC ransomware gang claimed responsibility for the attack and has already leaked samples of stolen files. Check Point Threat Emulation provides protection against this threat (Ransomware.Wins.INC) Port of Seattle
google.com

Critical Alert issued on Ivanti vulnerability
ACSM_Accro, 2025-04-07
Ivanti have released information regarding active exploitation of a critical vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457). ASD’s ACSC recommends customers follow the advice [...]
australiancybersecuritymagazine.com.au

Security Affairs newsletter Round 518 by Pierluigi Paganini – INTERNATIONAL EDITION
Pierluigi Paganini, 2025-04-06
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A flaw in Verizon’s iOS Call Filter app exposed call records of millions Port of Seattle ‘s August […] A new round of the weekly SecurityAffairs
securityaffairs.co

Social Media

A critical #vulnerability (CVE-2025-22457) in #Ivanti software, initially misclassified as low-priority, is now being actively exploited. Attackers are using it for #RemoteCodeExecution and backdoor deployment. #ThreatIntelligence #CyberSecurity https://t.co/l21QKVfLYA
On April 3, 2025, Ivanti disclosed a critical zero-day vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Learn more in our latest security bulletin: https://t.co/lyJsVyCUih #EndCyberRisk
Ivanti has disclosed a critical zero-day vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. https://t.co/s1M2Qzu0p9
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-22457—a critical vulnerability affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways—to its Known Exploited Vulnerabilities (KEV) Catalog. More: https://t.co/DuvO3JbmMo #Hoploninfosec https://t.co/3qS4y9TjKK
Ivanti Connect Secure Vulnerability (CVE-2025-22457) Actively Exploited in the Wild | https://t.co/dR7FYOBU9Y
RT emruz "Ivanti Connect Secure Vulnerability (CVE-2025-22457) Actively Exploited in the Wild | https://t.co/tTjGrVDdgi"
🚨 Ivanti Zero-Day Exploited 🚨 CVE-2025-22457 enables unauthenticated RCE on outdated Connect Secure versions. Patch now to 22.7R2.6. Use Ivanti’s ICT tool to check for compromise. Ongoing attacks linked to UNC5221. Stay protected - https://t.co/BLjQF3JlQW https://t.co/XOMAQcf0O5
📌 TLDR DevOps in a nutshell: 1️⃣ WebP images: Because your AWS bill shouldn’t look like a phone number 📞💸 2️⃣ Azure DevOps: SNI or GTFO starting April 23 🚧 3️⃣ Amazon Q Developer: Now with extra AI sprinkles for OpenSearch 🍩🤖 4️⃣ CVE-2025-22457: Patch Ivanti before hackers
Weekly cyber hits: NK hackers drop BeaverTail via 11 npm pkgs (5.6k dl’s) targeting devs. Ivanti flaw (CVE-2025-22457) hit by China pros—patch by 4/11! PoisonSeed spams Coinbase; PyPI pkgs (39k dl’s) swipe data. Lock it down! Like & share for more! https://t.co/UO2uTLxfg4
Ivanti under attack, Coinbase causes panic with erroneous messages, and CVE-2025-22457 emerges. Cybersecurity, 2fa, CISA KEV Catalog, coinbase, CVE-2025-22457, error, exploit, Ivanti Connect Secure, patch, Policy Secure, identity security, vulnerabi… https://t.co/7Vy3hkTfKY https://t.co/PzsEBmdPYG

Affected Software

No affected software found for this CVE

References

Reference | Link
3C1D8AA1-5A33-4EA4-8992-AADD6440AF75 | https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457

CWE Details

CWE ID | CWE Name | Description
CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
