CVE-2025-22457
Stack Buffer Overflow in Ivanti Products Enables Remote Code Execution
Publication date: 2025-04-03
Last updated on: 2025-05-03
Assigner: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
Affected Vendors & Products
Vendor | Product | Version |
---|---|---|
ivanti | neurons_for_zero-trust_access | * |
ivanti | connect_secure | * |
ivanti | policy_secure | * |
ivanti | policy_secure | From 22.7R1.4 (inc) |
ivanti | zta_gateways | From 22.8R2.2 (inc) |
ivanti | connect_secure | From 22.7R2.6 (inc) |
Exploitability
CWE ID | Description |
---|---|
CWE-121 | Stack-based Buffer Overflow |
CWE-787 | Out-of-bounds Write |
Meta Information
CVE Publication Date: 2025-04-03
CVE Last Modified Date: 2025-05-03
Report Generation Date: 2025-06-10
AI Powered Q&A Generation: 2025-04-04
EPSS Last Evaluated Date: 2025-06-03