CVE-2025-22457
Published Apr 3, 2025
Last updated 18 days ago
AI description
CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. It allows a remote, unauthenticated attacker to execute arbitrary code on the target device. The vulnerability is triggered by network access to the impacted appliances. Exploitation of CVE-2025-22457 has been observed in the wild, with attackers using a shell script dropper to inject the BRUSHFIRE passive backdoor into a running web process.
- Description
- A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
- Source
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
- Exploit added on
- Apr 4, 2025
- Exploit action due
- Apr 11, 2025
- Required action
- Apply mitigations as set forth in the CISA instructions linked below.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
#Ivanti VPNの脆弱性 CVE-2025-22457 ☑️リモートコード実行(#RCE)発生可能 ☑️Connect Secure 22.7R2.5以下のバージョンなど一部のIvanti製品の脆弱性 ☑️https://t.co/IVizkfqat2 クエリ:title: "IvantiConnect Secure" ☑️ パッチ適用および攻撃対象領域管理(#ASM)で措置可能 🔎詳細: https://t.co/RKWWlW4fGa
@CriminalIP_JP
25 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ثغرة #CVE-2025-22457 في Ivanti VPN ☑️تنفيذ التعليمات عن بُعد (RCE) ☑️بعض منتجات Ivanti، بما في ذلك Connect Secure 22.7R2.5 وما قبل معرضة للخطر ☑️https://t.co/gKKiwWs7Q2: title: "IvantiConnect Secure" ☑️ت
@CriminalIP_AR
25 Apr 2025
62 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Ivanti VPN 취약점 #CVE-2025-22457 ☑️원격 코드 실행(RCE) 발생 가능 ☑️Connect Secure 22.7R2.5 이하 버전 등 일부 이반티제품 취약 ☑️https://t.co/ZdemHmQb5V 쿼리: title: "IvantiConnect Secure" ☑️패치 적용 및 공격 표면 관리(#ASM)로 조치 가능 🔎자세히 보기: https://t.co/PG5QrY18ft https://t.co/sT64TnwjAp
@CriminalIP_KR
25 Apr 2025
81 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
24 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
22 Apr 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
21 Apr 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
20 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#threatreport #MediumCompleteness UNC5221s Latest Exploit: Weaponizing CVE-2025-22457 in Ivanti Connect Secure | 17-04-2025 Source: https://t.co/963750119Z Key details below ↓ 🧑💻Actors/Campaigns: Unc5221 (🧠motivation: information_theft, cyber_espionage) Dragonfish 💀Threats
@rst_cloud
18 Apr 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Vulnerability CVE-2025-22457 Exposes 5,000 Ivanti VPN Appliances ⚠️ https://t.co/XWYBdSNxuA Over 5,000 #Ivanti Connect Secure #VPN appliances remain vulnerable to CVE-2025-22457, a critical buffer overflow flaw exploited by Chinese hackers for remote code execution.
@Huntio
17 Apr 2025
195 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
UNC5221 exploits CVE-2025-22457 in Ivanti Connect Secure, targeting global networks with custom malware. A critical threat to U.S. organizations and beyond. ⚠️💻 #CyberEspionage #Vulnerability #China link: https://t.co/TFJ0siCzQI https://t.co/9QQdsENn4F
@TweetThreatNews
17 Apr 2025
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
17 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
16 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
UNC5221の話めちゃくちゃ出てくる。IvantiのCVE-2025-22457の被害がかなり広範囲に出てて、IR対応とフォレンジックでどんどん掘れてるのかな。 Chinese Hackers Unleash New BRICKSTORM Malware to Target Windows and Linux Systems https://t.co/Bk8x3nEIjW @GBHackers
@Osint_Rh
16 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#786 悪用する攻撃を国内でも確認 ~ Ivanti Connect Secure などに脆弱性(CVE-2025-22457) - セキュリティジョッキー松野 https://t.co/oMd4VGT6IQ #Voicy #叱らなきゃいけない時
@security_radio
16 Apr 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
16 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Time for a CyberByte! A China-nexus APT group exploited critical stack buffer overflow vulnerabilities (CVE-2025-0282 and CVE-2025-22457) in Ivanti Connect Secure VPN appliances. The victims span nearly twenty different industries across twelve countries; the vulnerabilities htt
@ITISAC
15 Apr 2025
134 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
15 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
中国との関連が疑われる脅威アクターが Ivanti Connect Secure の重大な脆弱性(CVE-2025-22457)を積極的に悪用している可能性が判明 #GoogleCloud https://t.co/qrjduvMpaG
@kaz_goto
15 Apr 2025
128 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
15 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
中国のAPTグループがIvanti VPNの重大な脆弱性(CVE-2025-0282/CVE-2025-22457)を悪用し、世界12カ国・約20業種にサイバースパイ攻撃を展開。高度なマルウェア「SPAWNCHIMERA」を使用し、検出回避技術で長期潜伏。 https://t.co/SbLVUyGMOV
@01ra66it
14 Apr 2025
816 Impressions
2 Retweets
17 Likes
4 Bookmarks
0 Replies
0 Quotes
中国と関係するAPTグループが、Ivanti Connect Secure VPNの重大な脆弱性(CVE-2025-0282およびCVE-2025-22457)を悪用し、12か国・20業種の組織に侵入したとTeamT5が報告した。
@yousukezan
14 Apr 2025
2063 Impressions
3 Retweets
14 Likes
0 Bookmarks
0 Replies
0 Quotes
Suspected China-Nexus Threat Actor Actively Exploiting Critical #Ivanti Connect Secure #Vulnerability (CVE-2025-22457) https://t.co/qyD97tEu57
@club31337
14 Apr 2025
239 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
中国系APT集団がIvanti Connect Secure VPNを悪用して複数組織に侵入している。TeamT5社報告。CVE-2025-0282及びCVE-2025-22457を悪用した可能性。中国のアクター間で共有されるIvanti機器専用マルウェアSPAWNCHIMERAを使用。 https://t.co/rUHoNRf7fb
@__kokumoto
14 Apr 2025
3636 Impressions
9 Retweets
29 Likes
16 Bookmarks
1 Reply
1 Quote
Actively exploited CVE : CVE-2025-22457
@transilienceai
14 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
13 Apr 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
12 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices. https://t.co/emrDD25GL9 https://t.co/PBPzcWoRBO
@persistsec
12 Apr 2025
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Rapid7、静かなパッチの混乱の後、Ivanti VPNアプライアンスにおけるRCEの経路を明らかにする(CVE-2025-22457) https://t.co/25rdTBkKC6 #security #セキュリティ #ニュース
@SecureShield_
12 Apr 2025
273 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed Full Story: https://t.co/lLmk1VuAeu A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated remote code execution (RCE) vulnerability impacting several Ivanti products. A ht
@The_Cyber_News
11 Apr 2025
343 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - sfewer-r7/CVE-2025-22457 https://t.co/RnwqvFpKBF
@akaclandestine
11 Apr 2025
1128 Impressions
5 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-22457 teaches us that spray and pray is still a thing
@steventseeley
11 Apr 2025
3436 Impressions
0 Retweets
36 Likes
7 Bookmarks
2 Replies
0 Quotes
Rapid7は、Ivanti Connect Secureに存在する重大なゼロデイ脆弱性(CVE-2025-22457)の技術詳細と実証コードを公開した。 この脆弱性は、HTTPヘッダー(特にX-Forwarded-For)処理時のスタックバッファオーバーフローに起因し、認証不要で遠隔から任意コード実行が可能である。
@yousukezan
11 Apr 2025
1779 Impressions
4 Retweets
14 Likes
5 Bookmarks
0 Replies
0 Quotes
Ivanti Zero-Day CVE-2025-22457 Exploit Details Released https://t.co/tJjP7qlK85
@Dinosn
11 Apr 2025
5659 Impressions
31 Retweets
121 Likes
25 Bookmarks
1 Reply
2 Quotes
CVE-2025-22457 Exploit https://t.co/87Zzr1xpbO
@Handshaking_py
11 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Rapid7 reveals details of Ivanti zero-day CVE-2025-22457, a critical stack-based buffer overflow actively exploited by a China-linked group. Learn about the vulnerability and available patches. https://t.co/is289wV3S2
@the_yellow_fall
11 Apr 2025
832 Impressions
4 Retweets
17 Likes
2 Bookmarks
0 Replies
0 Quotes
#CybersecurityNEWS🔴👨💻👾 Ivanti ha lanzado un parche urgente para su solución Connect Secure, corrigiendo la vulnerabilidad de día cero CVE-2025-22457, que fue explotada desde mediados de marzo. Ver más: https://t.co/D01z0gnoV8 #ciberseguridad #DevelNews https://t.co/dxuAjzG
@develsecurity
11 Apr 2025
110 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We have just published our AttackerKB @rapid7 Analysis of CVE-2025-22457, an unauth stack buffer overflow in Ivanti Connect Secure. Difficult to exploit due to severe character restrictions, we detail our full RCE technique here: https://t.co/MKx9O90rm2
@stephenfewer
10 Apr 2025
8544 Impressions
43 Retweets
90 Likes
20 Bookmarks
7 Replies
4 Quotes
#DOYOUKNOWCVE In the shadows of cyberspace, attackers are already inside. Four critical vulnerabilities are being actively exploited right now, targeting widely used platforms. The threat is real—and urgent. CVE-2025-22457 – Buffer overflow in Ivanti Connect Secure lets https
@Loginsoft_Inc
10 Apr 2025
229 Impressions
1 Retweet
3 Likes
0 Bookmarks
1 Reply
1 Quote
[1day1line] CVE-2025-22457: X-Forwarded-For Stack Buffer Overflow Vulnerability in Ivanti Connect Secure https://t.co/aXk7DhJnc7 Today’s Vulnerabiltiy is CVE-2025-22457 from Ivanti, which is currently being exploited in the wild (ITW). It’s a vulnerability that can be triggered
@hackyboiz
10 Apr 2025
3430 Impressions
21 Retweets
45 Likes
14 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
10 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-22457: Critical RCE in Ivanti products now under active attack by UNC5221. ⚙️ Exploit: X-Forwarded-For buffer overflow 🧠 Malware: TRAILBLAZE, BRUSHFIRE, SPAWNSLOTH 📉 Impact: Remote code execution, log tampering, SSL interception Read more → https://t.co/NhVUjxa4ta
@PicusSecurity
9 Apr 2025
260 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔍 ثغرة أمنية مهمة في منتجات إيفانتي تهدد الأنظمة الحساسة، رمز CVE-2025-22457. تأثيرها على Connect Secure وZTA Gateways وPolicy Secure يفتح الباب أمام الهجمات السيبرانية. القطاعات المالية والحكومية في خطر! للمزيد: https://t.co/jq4mjW7UeI #الأمن_السيبراني #الثغرات_الأمنية
@CYBRAT_NET
9 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti Connect Secureなどにおける脆弱性(CVE-2025-22457)に関する注意喚起 https://t.co/I9YQaq4bz4 @jpcert
@nonfictio_cyber
8 Apr 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers. https://t.co/MFCg09N630 https://t.co/BQKTw7LOYg
@persistsec
8 Apr 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログで、以下の脆弱性の悪用が確認された。 - WindowsのCVE-2018-8639, CVE-2024-30051 - SharePointのCVE-2024-38094 また、Ivanti社VPN製品群のCVE-2025-22457では、要求対策がハンティングを含むものに変更。 https://t.co/wQDUw2hGxs
@__kokumoto
7 Apr 2025
1130 Impressions
0 Retweets
6 Likes
4 Bookmarks
0 Replies
0 Quotes
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-22457—a critical vulnerability affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways—to its Known Exploited Vulnerabilities (KEV) Catalog. More: https://t.co/DuvO3JbmMo #Hoploninfosec
@HoplonInfosec
7 Apr 2025
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-22457 #Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability https://t.co/HfzGwAyPs6
@ScyScan
7 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Ivanti Zero-Day Exploited 🚨 CVE-2025-22457 enables unauthenticated RCE on outdated Connect Secure versions. Patch now to 22.7R2.6. Use Ivanti’s ICT tool to check for compromise. Ongoing attacks linked to UNC5221. Stay protected - https://t.co/BLjQF3JlQW https://t.co/XOMAQcf0
@SecurityJoes
7 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-backed UNC5221 is exploiting another Ivanti VPN flaw (CVE-2025-22457). What was once a "low-risk" bug turned into a full-blown RCE vector—actively exploited in the wild before it was even disclosed. Edge devices are under siege. #CyberSecurity #APT https://t.co/1o58kv2nbg
@Shift6Security
7 Apr 2025
116 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
https://t.co/C6JBwD03uq Ivanti rilascia aggiornamenti di sicurezza per la vulnerabilità dei gateway Connect Secure, Policy Secure e ZTA (CVE-2025-22457). Hacker Stato-Nazione cinesi
@palmacci24838
7 Apr 2025
58 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:*:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0EC2FCD-5402-4269-B86A-18F8DFB8F2C9",
"versionEndExcluding": "22.7"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3447428E-DBCD-4553-B51D-AC08ECAFD881"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A08BAF98-7F05-4596-8BFC-91F1A79D3BD1"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40717D97-A062-49C4-B105-C22AAC3A206A"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E4387B4-BC5C-41DE-92DA-84866A649AD2"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24514B40-540E-45D7-90DC-BCC1D9D7E92C"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BFD510E9-12DC-4942-BAA0-6405CBD905EF"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA11BB6D-36C7-438B-A5A7-71C3CB2E5EC8"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B01001B-FA11-4297-AB81-12A00B97C820"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F28E6B1-44AB-4635-8939-5B0A44BED1E6"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E9D957B-49F9-492D-A66A-0D25BA27AD35"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1AB497E-E403-4DEE-A83D-CB2E119E5E96"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA6B3322-9AFB-44B5-B571-995AB606FD01"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47CB7C12-D642-4015-842C-37241F87DB86"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58E49DF1-F66A-4F52-87FA-A50DFD735ECB"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62A0393A-C1C6-4708-BC41-5A5B8FB765FF"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F3358B0-4751-4DCD-8BFC-BB4C68505658"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C9313A0-2F33-412B-A6F0-E51AE19E199B"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2979603E-F5CF-4C53-9828-36795E1B6247"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0D33C96-EE5C-41EB-8D9F-88ED025C191A"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F0A44E1-3670-4AD5-A54D-FDA6C200AA73"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5B4CE43-2D9B-4DF9-AC2A-F649622CD190"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C9B3FF8-F613-404D-BC85-9DD6F2A6DB5C"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CFC583B5-18F5-4943-8C68-6C601857CE5E"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E4DE5D9-C92B-4143-835F-2D16F0CC328F"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F874F69E-C621-4C4B-802F-900E7BFAB71B"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67D43D1D-564D-4ACD-B0FF-3828B95E9864"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC8480E0-17C0-4590-950F-D3954E735365"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3FAF4FB0-A88C-4A87-B6CB-32EF7B415885"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.8:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9779B197-1A14-4750-B8BC-9CA00F46D123"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.8:r1.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BAFF5CD8-AB78-436B-AA16-8447706D0E86"
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.8:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2ADB0039-5652-428A-96A4-66B29DFB0F9D"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:*:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48EFA63B-1322-45B0-B86D-87F24A2B4E8A",
"versionEndExcluding": "22.7"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D24A8DB-D697-4C60-935D-B08EE36861CB"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C12D325-77E1-4873-8A77-D76F4A73BCF8"
}
],
"operator": "OR"
}
]
}
]