CVE-2025-22457
Published Apr 3, 2025
AI description
CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. It allows a remote, unauthenticated attacker to execute arbitrary code on the target device. The vulnerability is triggered by network access to the impacted appliances. Exploitation of CVE-2025-22457 has been observed in the wild, with attackers using a shell script dropper to inject the BRUSHFIRE passive backdoor into a running web process.
- Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
- Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 9
- Impact score: 6
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
- Exploit added on: Apr 4, 2025
- Exploit action due: Apr 11, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- CWE-121
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 53
🚨 CVE-2025-22457 ⚠️🔴 CRITICAL (9) 🏢 Ivanti - Connect Secure 🏗️ 22.7R2.6 🔗 https://t.co/yotFa5zek1 #CyberCron #VulnAlert #InfoSec https://t.co/HaGk2oKLPM
@cybercronai
5 Apr 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CISA just added Ivanti Connect Secure, Policy Secure and ZTA Gateways to its🛡️KEV Catalog because of Stack-Based Buffer Overflow (CVE-2025-22457) Read our annotated CVE Report at https://t.co/WU2FWwxE4i and consult our A.I. and Q & A for mitigations #Cybersecurity #InfoS
@BaseFortify
4 Apr 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical Ivanti vulnerability CVE-2025-22457 exploited to deploy TRAILBLAZE and BRUSHFIRE malware. Users urged to patch immediately. #CyberSecurity #Ivanti #Malware #CVE202522457 https://t.co/nsIFXjomon https://t.co/tssJShgXZY
@dailytechonx
4 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti Corporate VPN software patched CVE-2025-22457. At the time, the vulnerability was not considered to be exploitable. Mandiant has now published a blog disclosing that the vulnerability was exploited as soon as mid-March. All they had to do was just reverse engineer the patch h
@CareWeDoNot
4 Apr 2025
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Stack-based buffer overflow in Ivanti products CVE-2025-22457 Connect Secure, 22.7R2.5 and earlier Pulse Connect Secure, 9.1R18.9 and earlier Policy Secure, 22.7R1.3 and earlier; Neurons for ZTA Gateways, versions 22.8R2 https://t.co/UIDaOS7NdL https://t.c
@elhackernet
4 Apr 2025
14 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457) - watchTowr Labs https://t.co/pFf0TeTHuo https://t.co/0RRoPh0PF1
@secharvesterx
4 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Alert: Active Exploitation of Ivanti Vulnerability (CVE-2025-22457) A critical vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways is now under active exploitation by threat actors. 🔗 Full advisory from Ivanti: https://t.co/VLhZ1aenLE https://t.co/
@smarttech247
4 Apr 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#BUGBOARD is here!💡 🚨Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware: Ivanti has patched a critical security vulnerability (CVE-2025-22457) in its Connect Secure, Policy Secure, and ZTA Gateways products. Link: https://t.co/qtIjAMbbCU
@bugbreport
4 Apr 2025
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical security flaw (CVE-2025-22457) in Ivanti's Connect Secure systems is being exploited to deploy TRAILBLAZE and BRUSHFIRE malware, linked to China’s UNC5221 group. Stay vigilant! 🔐💻 #Ivanti #UNC5221 #China link: https://t.co/HgNquJeFWf https://t.co/isoxtYbSK9
@TweetThreatNews
4 Apr 2025
175 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-22457: Ivanti Connect Secure, 9.0 rating, unauthenticated RCE🔥 👉 Dork: http.body:"welcome.cgi?p=logo" I will notify you all once I get the actual nuclei template! Vendor's advisory: https://t.co/3H8psbOQ4x #bugbounty #bugbountytips #rce #cve #vulnerability #hack
@darkshadow2bd
4 Apr 2025
230 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
After the disclosure of CVE-2025-22457, exploited since mid-March in Ivanti/Pulse Connect Secure, I checked the latest exposed servers. 12,471 are up today, 66% (8,246) are vulnerable, and alarmingly, about 50% (6,049) remain on pre-9.x versions EOL since Dec 2024. https://t.co/Z
@nekono_naha
4 Apr 2025
1175 Impressions
4 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
Ivanti releases a patch for the Connect Secure zero-day vulnerability that a China-linked espionage actor has been exploiting since mid-March (CVE-2025-22457) https://t.co/SqYmw2P8x1 #Security #セキュリティ #ニュース
@SecureShield_
4 Apr 2025
271 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
UNC5221 exploits Ivanti zero-day (CVE-2025-22457) to deploy TRAILBLAZE & BRUSHFIRE malware—active attacks on unpatched systems. Immediate action required: https://t.co/zsufar7Jf3 #CyberSecurity #APT
@adriananglin
4 Apr 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-22457: RCE in Ivanti Connect Secure, 9.0 rating 🔥 A buffer overflow in Ivanti Connect Secure allows an unauthenticated attacker to perform remote code execution. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/AsYvbtlqzN #cybersecurity #vulnerability_map htt
@Netlas_io
4 Apr 2025
924 Impressions
3 Retweets
11 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Ivanti flaw (CVE-2025-22457, CVSS 9.0) actively exploited to deploy TRAILBLAZE & BRUSHFIRE malware. Patch ASAP! Details👇 🔗 https://t.co/eIgzVPDRfc #CyberSecurity #InfoSec https://t.co/eIgzVPDRfc
@SalvadorCloud
4 Apr 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 New Ivanti ZERO-DAY exploited in the wild — China-linked UNC5221 hits Connect Secure (CVE-2025-22457, CVSS 9.0). 💣 Exploits spotted mid-March by Mandiant. 🕵️♂️Malware: TRAILBLAZE, BRUSHFIRE, SPAWN. 🎯 Persistence. Credential theft. Data exfiltration. ⚡ Patch now | See ful
@TheHackersNews
4 Apr 2025
15532 Impressions
29 Retweets
55 Likes
9 Bookmarks
1 Reply
2 Quotes
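I investigated CVE-2025-22457 in Ivanti/Pulse Connect Secure, which has been exploited since at least around mid-March. As of today's survey, 12471 devices are still running globally, of which 66% (8246) are affected by this vulnerability. In addition, at least 1957 are running in an EOL state, and Japan has the highest number and rate of EOL devices in use 💀 https://t.co/LgmFzGD8aM https://t.co/dH8FkVuLTR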
@nekono_naha
4 Apr 2025
6237 Impressions
21 Retweets
55 Likes
14 Bookmarks
1 Reply
0 Quotes
#threatreport #MediumCompleteness Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) | 03-04-2025 Source: https://t.co/EVOla1aviw Key details below ↓ 🧑💻Actors/Campaigns: Unc5221 (🧠motivation: cyber_espionage)
@rst_cloud
4 Apr 2025
309 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This Ivanti case (CVE-2025-22457) is only "in hindsight," but how to think about silent fixes in vulnerability handling is a tricky question.
@autumn_good_35
4 Apr 2025
3175 Impressions
0 Retweets
14 Likes
3 Bookmarks
1 Reply
0 Quotes
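We have published an alert regarding the vulnerability (CVE-2025-22457) in Ivanti Connect Secure and other products. Versions including the 9.1 series, for which support has already ended, are affected, and attacks believed to exploit this vulnerability have occurred against hosts in Japan as well. Users of the products should carry out steps such as investigating whether they have been compromised. ^KK https://t.co/lLSlTyyTuV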
@jpcert
4 Apr 2025
4785 Impressions
14 Retweets
22 Likes
1 Bookmark
0 Replies
0 Quotes
Consolidated edition JPCERT/CC | Alert: Alert regarding the vulnerability (CVE-2025-22457) in Ivanti Connect Secure and other products (published) https://t.co/ni2aZzGstX #itsec_jp
@itsec_jp
4 Apr 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alert: Alert regarding the vulnerability (CVE-2025-22457) in Ivanti Connect Secure and other products (published) https://t.co/mhYFSGyWlh
@AileenWoodstock
4 Apr 2025
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The popular article for 2025-04-03 was this one. (Automated tweet) #Hacker_Trends ――― Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) | Google Cloud Blog https://t.co/1goHjlgmtO https://t.co/WojppGCQ5U
@motikan2010
4 Apr 2025
241 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
4 Apr 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A fix has been released for Ivanti's RCE vulnerability CVE-2025-22457. The affected products are as follows. ・Ivanti Connect Secure (versions 22.7R2.5 and earlier) ・Pulse Connect Secure 9.x (*support ended on December 31, 2024) ・Ivanti Policy Secure ・Ivanti ZTA Gateways https://t.co/8eM3Mcpb4H https://t.co/TzNnDuLJoH
@t_nihonmatsu
3 Apr 2025
379 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
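It has been revealed that a China-linked cyber-espionage group is exploiting a vulnerability (CVE-2025-22457) in Ivanti's Connect Secure, Policy Secure, and ZTA Gateway products to deploy new malware. Ivanti has raised its risk assessment and recommends updating immediately. https://t.co/Zyf784rBTr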
@01ra66it
3 Apr 2025
1549 Impressions
4 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Urgent: A critical RCE vulnerability (CVE-2025-22457) in Ivanti VPN appliances is being exploited by a Chinese APT group. Customers must patch to avoid potential attacks! ⚠️ #Ivanti #RCE #China link: https://t.co/pvs6JrI4oy https://t.co/gUHHegZDbV
@TweetThreatNews
3 Apr 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457) https://t.co/xof9IVUTQ0
@stephenmarriott
3 Apr 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New CVE Alert: CVE-2025-22457 @Mandiant confirms active exploitation of a critical Ivanti Connect Secure RCE vulnerability by suspected China-nexus actor UNC5221. Involves custom malware (TRAILBLAZE, BRUSHFIRE) and the SPAWN ecosystem. 📌 CVE: https://t.co/NToaYLEr0k 📊 136K+
@modat_magnify
3 Apr 2025
52 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New CVE Alert: CVE-2025-22457 @Mandiant confirms active exploitation of a critical Ivanti Connect Secure RCE vulnerability by suspected China-nexus actor UNC5221. Involves custom malware (TRAILBLAZE, BRUSHFIRE) and the SPAWN ecosystem. 📌 CVE: https://t.co/NToaYLDTaM 📊
@modat_magnify
3 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Ivanti VPN #customers targeted via unrecognized RCE vulnerability (#CVE-2025-22457) https://t.co/qyaW2GbGEL
@ScyScan
3 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Ivanti has patched a critical zero-day vulnerability (CVE-2025-22457) exploited by a Chinese hacking group. Multiple products affected. Update urgently to protect against active malware attacks. 🔒 #Ivanti #China #MalwareThreats link: https://t.co/QLEjzvdYzF https://t.co/K8mR
@TweetThreatNews
3 Apr 2025
112 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) https://t.co/cmqk9946vv https://t.co/GL1LcQMO8m
@secharvesterx
3 Apr 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Ivanti Vulnerability (CVE-2025-22457) Actively Exploited Mandiant & Ivanti discovered active exploitation of a critical buffer overflow vulnerability in Ivanti Connect Secure VPN, leading to remote code execution. Patch now to secure your systems: https://t.co/iV4rj8KtWJ
@Mandiant
3 Apr 2025
3712 Impressions
19 Retweets
41 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2025-22457 is a critical stack-based buffer overflow vulnerability affecting Ivanti Connect Secure VPN appliances, Pulse Connect Secure, Ivanti Policy Secure, and ZTA gateways. Exploitation has been observed in the wild. #Thre... https://t.co/o2VcnrbwIe
@RedLegg
3 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Stack-based buffer overflow in Ivanti Connect Secure (CVE-2025-22457) CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti's "Ivanti Connect Secure (ICS)", "Policy Secure", "ZTA Gateways" and other products, and allows remote code execution (RCE).
@ken_j_4p
3 Apr 2025
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) https://t.co/ra7BKZNT5i @Mandiant
@780thC
3 Apr 2025
2148 Impressions
16 Retweets
36 Likes
5 Bookmarks
1 Reply
0 Quotes
⚠️CERT-FR Alert⚠️ The vulnerability CVE-2025-22457 affects Ivanti products and allows an unauthenticated attacker to execute arbitrary code remotely. This vulnerability is being actively exploited. https://t.co/49u2OfrUut
@CERT_FR
3 Apr 2025
6857 Impressions
11 Retweets
14 Likes
3 Bookmarks
0 Replies
2 Quotes
Another Ivanti flaw (CVE-2025-22457)! 😡 Fed up with these endless vulnerabilities. When will security be a priority? 🔒 #Cybersec #Ivanti 👇 https://t.co/JE2eYmDcFC
@_F2po_
3 Apr 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Yet another critical Ivanti flaw (CVE-2025-22457)! Fed up with these repeated vulnerabilities. When will security be a priority? #Cybersecu #Ivanti 👇 https://t.co/JE2eYmDcFC
@_F2po_
3 Apr 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerable edge devices attract threat actors like honey. UNC5221 China-linked actively exploiting CVE-2025-22457 (CVSS 9.0) a critical Ivanti VPN vulnerability since mid-March 2025. Patch version 22.7R2.6 #CVE #Exploited #POC #patch #vulnerability https://t.co/NnTSS5yzOy
@MarioRojasChin
3 Apr 2025
241 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Fresh off the press today is a new blog detailing our observations from in the wild exploitation of CVE-2025-22457 by UNC5221 that includes two newly observed malware families tracked as BRUSHFIRE and TRAILBLAZE. https://t.co/3GyFL1cWCo
@Big_Bad_W0lf_
3 Apr 2025
968 Impressions
7 Retweets
26 Likes
2 Bookmarks
0 Replies
0 Quotes
[CVE-2025-22457: CRITICAL] Stack-based buffer overflow in Ivanti Connect Secure, Policy Secure, and ZTA Gateways allows remote unauthenticated attackers to perform remote code execution.#cybersecurity,#vulnerability https://t.co/CUbrEqPoIq https://t.co/Fb2zpRxsiU
@CveFindCom
3 Apr 2025
142 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Threat Alert: Exploitation of Ivanti Connect Secure Vulnerability (CVE-2025-22457) by China-Nexus Threat Actor 📅 Date: 2025-03-15 to 2025-04-03 📌 Attribution: UNC5221 (suspected China-nexus espionage actor) 📝 Summary: A critical security vulnerability, CVE-2025-22457, in
@syedaquib77
3 Apr 2025
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Haavoittuvuus 09/2025 🌐 Exploitation of the Ivanti Connect Secure vulnerability (CVE-2025-22457) observed in older versions, update software immediately! https://t.co/6CpIXQAYtm
@CERTFI
3 Apr 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Ivanti VPN vuln CVE-2025-22457 is under active attack! Threat actors are deploying new malware like TRAILBLAZE & BRUSHFIRE. Patch IMMEDIATELY! Version 22.7R2.6 fixes this. More info & IOCs: 👇 #cybersecurity #threatintel #ivanti https://t.co/tJz2dsOMNM
@fernandokarl
3 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes