Summary
Vulnerability Name | Buffer Overflow Vulnerability in Multiple Ivanti Products (CVE-2025-22457) |
---|---|
Released on | April 11, 2025 |
Affected Component | Multiple Ivanti products |
Affected Version | Ivanti Connect Secure < 22.7R2.6; Pulse Connect Secure (EoS) < 22.7R2.6; Ivanti Policy Secure < 22.7R1.4; ZTA Gateways < 22.8R2.2 |
Vulnerability Type | Buffer overflow |
Exploitation Condition | |
Impact | Exploitation difficulty: easy. Attackers can exploit this vulnerability to execute arbitrary code without authorization. Severity: critical. This vulnerability can result in remote code execution. |
Official Solution | Available |
About the Vulnerability
Component Introduction
Ivanti is a software company focused on enterprise IT operations, security management, and end-user experience optimization. It aims to help enterprises manage complex IT environments through automation, artificial intelligence, and unified platform technologies.
Vulnerability Description
On April 11, 2025, Sangfor FarSight Labs received notification of a buffer overflow vulnerability in multiple Ivanti products (CVE-2025-22457), rated critical.
A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure (versions earlier than 22.7R2.6), Ivanti Policy Secure (versions earlier than 22.7R1.4), and Ivanti ZTA Gateways (versions earlier than 22.8R2.2). Attackers can exploit this vulnerability to execute arbitrary code without authorization, leading to server compromise.
Proof-of-concept (PoC) exploit code for this vulnerability has been publicly disclosed on the Internet.
Affected Versions
The following versions are affected:
Ivanti Connect Secure < 22.7R2.6
Pulse Connect Secure (EoS) < 22.7R2.6
Ivanti Policy Secure < 22.7R1.4
ZTA Gateways < 22.8R2.2
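To triage an appliance inventory against the thresholds listed above, the following added example (not part of the original advisory or any Sangfor or Ivanti tooling) compares version strings numerically rather than as text. The version layout `<major>.<minor>R<release>[.<patch>]`, the host names, and the inventory rows are assumptions constructed for illustration.

```python
import re

# Fixed-version thresholds copied from the advisory's "Affected Versions" list.
FIXED = {
    "Ivanti Connect Secure": "22.7R2.6",
    "Pulse Connect Secure": "22.7R2.6",
    "Ivanti Policy Secure": "22.7R1.4",
    "ZTA Gateways": "22.8R2.2",
}

# Assumed version layout: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.6
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Turn '22.7R2.6' into (22, 7, 2, 6); a missing patch level counts as 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def is_affected(product, version):
    """True when the version is lower than the fixed release for that product."""
    if product not in FIXED:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    return parse_version(version) < parse_version(FIXED[product])

def triage(inventory):
    """Label each (host, product, version) row AFFECTED, ok, or REVIEW."""
    results = []
    for host, product, version in inventory:
        try:
            status = "AFFECTED" if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            status = "REVIEW"  # unknown product or unparseable version: check by hand
        results.append((host, product, version, status))
    return results

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("vpn-edge-01", "Ivanti Connect Secure", "22.7R2.5"),
    ("vpn-edge-02", "Ivanti Connect Secure", "22.7R2.6"),
    ("nac-01", "Ivanti Policy Secure", "22.7R1.3"),
    ("zta-gw-01", "ZTA Gateways", "22.8R2.2"),
    ("vpn-legacy", "Pulse Connect Secure", "9.1R18.9"),
    ("vpn-lab", "Ivanti Connect Secure", "22.7r2.10"),  # plain string compare misorders this
    ("unknown-01", "Ivanti Connect Secure", "build 3431"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print("{:<12} {:<22} {:<12} {}".format(*row))
```

Rows marked REVIEW should be resolved manually rather than treated as unaffected.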
Solutions
Remediation Solutions
Official Solution
The latest version has been officially released to fix the vulnerability. Affected users are advised to update their Ivanti products to the following versions:
Ivanti Connect Secure 22.7R2.6
Pulse Connect Secure (EoS) 22.7R2.6
Ivanti Policy Secure 22.7R1.4 (scheduled for release on April 21, 2025)
ZTA Gateways 22.8R2.2 (scheduled for release on April 19, 2025)
Download link: https://portal.ivanti.com/
Sangfor Solutions
Risky Asset Discovery
The following Sangfor services can proactively scan for and discover assets affected by CVE-2025-22457 in batches:
Sangfor Host Security: The corresponding asset discovery solution has been released. The fingerprint ID is 0030642.
Sangfor TSS: The corresponding asset discovery solution has been released. The fingerprint ID is 0030642.
Vulnerability Detection
The following Sangfor services can proactively detect CVE-2025-22457 and quickly identify vulnerability risks in batches:
Sangfor Host Security: The corresponding detection solution will be released on April 13, 2025. The rule ID is SF-2025-00367.
Sangfor TSS: The corresponding detection solution will be released on April 14, 2025. The rule ID is SF-2025-00991.
Sangfor Cyber Guardian Platform: The corresponding detection solution will be released on April 14, 2025. The rule ID is SF-2025-00991. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Sangfor TSS.
Sangfor XDR: The corresponding detection solution will be released on April 13, 2025. The rule ID is SF-2025-00367. In this case, make sure that Sangfor XDR is integrated with Sangfor Host Security.
Vulnerability Monitoring
The following Sangfor services support CVE-2025-22457 monitoring and can identify affected assets and the scope of impact in real time through traffic collection:
Cyber Command: The corresponding monitoring solution will be released on April 18, 2025. The rule ID is 11027475.
Sangfor Cyber Guardian Platform: The corresponding monitoring solution will be released on April 18, 2025. The rule ID is 11027475. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Cyber Command.
Sangfor XDR: The corresponding monitoring solution will be released on April 18, 2025. The rule ID is 11027475.
Vulnerability Prevention
The following Sangfor services can effectively block CVE-2025-22457 exploits:
Network Secure: The corresponding prevention solution will be released on April 18, 2025. The rule ID is 11027475.
Sangfor Web Application Firewall: The corresponding prevention solution will be released on April 18, 2025. The rule ID is 11027475.
Sangfor Cyber Guardian Platform: The corresponding prevention solution will be released on April 18, 2025. The rule ID is 11027475. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Network Secure.
Sangfor XDR: The corresponding prevention solution will be released on April 18, 2025. The rule ID is 11027475. In this case, make sure that Sangfor XDR is integrated with Network Secure.
Timeline
On April 11, 2025, Sangfor FarSight Labs received notification of the buffer overflow vulnerability in multiple Ivanti products (CVE-2025-22457).
On April 11, 2025, Sangfor FarSight Labs released a vulnerability alert.
References
https://attackerkb.com/topics/0ybGQIkHzR/cve-2025-22457/rapid7-analysis