CVE-2025-22467

9.9

Critical

Published:11 Feb 2025

Last updated:17 Jun 2026

Source:3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Analyzed

Weakness (CWE)

CWE-121Stack-based Buffer Overflow

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.

References

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs