Ivanti has disclosed a critical security flaw in its Connect Secure software, tracked as CVE-2025-22457, with a CVSS score of 9.0. The vulnerability is a stack-based buffer overflow that lets a remote, unauthenticated attacker execute arbitrary code. It affects versions before 22.7R2.6 and, although it has been patched in recent updates, it has already been exploited against a limited number of customers. Ivanti has advised users to monitor their systems for signs of compromise and to apply the necessary updates, stressing the urgency of acting to mitigate the risk.
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote unauthenticated attacker to achieve remote code execution, highlighting significant security risks.
Customers should monitor their external Integrity Checker Tool (ICT) results and look for web server crashes. If signs of compromise appear, perform a factory reset and upgrade to version 22.7R2.6.
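As an added example that is not Ivanti's code and not part of the original advisory, the following helper triages an appliance inventory by flagging Connect Secure builds earlier than 22.7R2.6; the version-string parsing rule (major.minor R release.build) and the sample inventory are assumptions made for this example.

```python
import re

# Connect Secure version strings look like "22.7R2.6" (major.minor R release.build).
# This parsing rule is an assumption for the example, not Ivanti's own logic.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

# First fixed version named in the advisory summary above.
FIXED_VERSION = "22.7R2.6"


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Turn '22.7R2.6' into a comparable tuple (22, 7, 2, 6); '22.7R2' becomes (22, 7, 2, 0)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Connect Secure version string: {text!r}")
    major, minor, release, build = m.groups()
    return int(major), int(minor), int(release), int(build or 0)


def is_vulnerable(version: str) -> bool:
    """True when the appliance runs a build before the fixed version."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split an {hostname: version} inventory into hosts needing action and hosts already fixed.

    Unparseable versions are reported as 'unknown' rather than silently treated as safe.
    """
    result: dict[str, list[str]] = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "vulnerable" if is_vulnerable(version) else "fixed"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


# Constructed sample inventory: hostnames and versions are invented for this example.
SAMPLE_INVENTORY = {
    "vpn-gw-01.example.invalid": "22.7R2.5",
    "vpn-gw-02.example.invalid": "22.7R2.6",
    "vpn-gw-03.example.invalid": "22.7R2",
    "vpn-gw-04.example.invalid": "22.7R3",
    "vpn-gw-05.example.invalid": "n/a",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the "vulnerable" bucket need the upgrade; "unknown" entries need their version confirmed before being treated as patched.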