Ivanti Connect Secure RCE Vulnerability (CVE-2025-22457) Advisory and Exploitation Status

Critical Vulnerability Information CVE ID: CVE-2025-22457 Description: A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure (version 22.7R2.5 and earlier), Pulse Connect Secure 9.x (end of support date: December 31, 2024), Ivanti Policy Secure, and ZTA gateways. Attackers can exploit this vulnerability to execute remote code via an unauthenticated remote connector. CVSS Score: 9.0 (Critical) Affected Products: - Pulse Connect Secure 9.1x (EOS) - Ivanti Connect Secure (22.7R2.5 and earlier) - Policy Secure - ZTA gateways Affected Versions: - Ivanti Connect Secure: 22.7R2.5 and earlier - Pulse Connect Secure (EOS): 9.1R18.9 and earlier - Ivanti Policy Secure: 22.7R1.3 and earlier - ZTA Gateways: 22.8R2 and earlier Remediation: - Ivanti Connect Secure: Apply version 22.7R2.6, released in February 2025. - Pulse Connect Secure 9.1x: Contact Ivanti for migration. - Ivanti Policy Secure: Patch under development, to be available on April 21. - Ivanti ZTA Gateways: Patch under development, to be automatically applied to environments on April 19. Frequently Asked Questions Is there active exploitation?: A limited number of customer Ivanti Connect Secure (22.7R2.5 and earlier) and End-of-Support Pulse Connect Secure 9.1x devices were exploited at the time of disclosure. How to determine if compromised?: Customers should monitor their external ICT and look for web server crashes. If indicators of compromise (IoC) are detected, perform a factory reset and redeploy the device using version 22.7R2.6. Why is this being disclosed now if known previously?: The vulnerability was initially assessed as a buffer overflow with character limits, deemed non-exploitable for remote code execution and not meeting denial-of-service criteria. However, Ivanti and security partners later determined it could be exploited via carefully crafted methods, and evidence of real-world exploitation has been observed.

Goal Reached Thanks to every supporter — we hit 100%!

Ivanti Connect Secure RCE Vulnerability (CVE-2025-22457) Advisory and Exploitation Status