Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Ivanti — Connect Secure, Policy Secure, and ZTA Gateways
- Added to KEV catalog
- 4 April 2025
- Federal remediation due date
- 11 April 2025
- Weakness classification (CWE)
- CWE-121
CISA Description
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.
Required action
Apply mitigations as set forth in the CISA instructions linked below.
Notes
CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22457
More Ivanti Vulnerabilities
Ivanti Sentry OS Command Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services