U.S. CISA Adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways Vulnerability to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways to its catalog of known exploited vulnerabilities. The vulnerability, listed under the number CVE-2025-22457, is a stack-based buffer overflow in Apache Tomcat, known as the path equivalence vulnerability. This flaw has been actively exploited, leading to its inclusion in the CISA's KEV catalog.