Ivanti products: stack-based buffer overflow (CVE-2025-22457) #shorts

Summary

In today's podcast, we delve into a critical cybersecurity vulnerability, identified as CVE-2025-22457, affecting Ivanti products. This vulnerability has been exploited in the wild by a suspected Chinese APT group, posing significant threats to affected users.

Product details

The CVE-2025-22457 vulnerability affects several products from Ivanti. Specifically, it impacts Ivanti Connect Secure versions before 22.7R2.6, Ivanti Policy Secure versions before 22.7R1.4, and Ivanti Neurons for Zero Trust Architecture (ZTA) Gateways before version 22.8R2.2.

Vulnerability type summary

CVE-2025-22457 is categorized as a stack-based buffer overflow, referenced under CWE-121. This type of vulnerability can be exploited to execute arbitrary code, potentially allowing attackers to gain unauthorized access to systems.

Details of the vulnerability

The stack-based buffer overflow vulnerability in Ivanti products allows remote, unauthenticated attackers to achieve remote code execution. Exploiting this flaw, a suspected China-nexus threat actor group has been actively targeting Ivanti VPN customers. Immediate action is recommended to upgrade affected systems to the latest versions to mitigate this risk.

Conclusion

CVE-2025-22457 represents a significant security threat due to its critical nature and the active exploitation in the wild. All users utilizing the affected Ivanti products should prioritize upgrading to the latest versions to safeguard their systems against potential attacks. Stay vigilant and ensure your cybersecurity measures are up to date.

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

• https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457