CVE-2025-22457

Published Apr 3, 2025

Last updated 18 days ago

Exploit known
CVSS critical 9.0
Ivanti
Connect Secure
Policy Secure

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. It allows a remote, unauthenticated attacker to execute arbitrary code on the target device. The vulnerability is triggered by network access to the impacted appliances. Exploitation of CVE-2025-22457 has been observed in the wild, with attackers using a shell script dropper to inject the BRUSHFIRE passive backdoor into a running web process.

Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Exploit added on
Apr 4, 2025
Exploit action due
Apr 11, 2025
Required action
Apply mitigations as set forth in the CISA instructions linked below.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-121
nvd@nist.gov
CWE-787

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

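  1. #Ivanti VPN vulnerability CVE-2025-22457 ☑️Remote code execution (#RCE) possible ☑️Vulnerability in some Ivanti products, including Connect Secure versions 22.7R2.5 and earlier ☑️https://t.co/IVizkfqat2 query: title: "IvantiConnect Secure" ☑️ Can be addressed through patching and attack surface management (#ASM) 🔎Details: https://t.co/RKWWlW4fGa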

    @CriminalIP_JP

    25 Apr 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #CVE-2025-22457 vulnerability in Ivanti VPN ☑️Remote code execution (RCE) ☑️Some Ivanti products, including Connect Secure 22.7R2.5 and earlier, are at risk ☑️https://t.co/gKKiwWs7Q2: title: "IvantiConnect Secure" ☑️ت

    @CriminalIP_AR

    25 Apr 2025

    62 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨Ivanti VPN vulnerability #CVE-2025-22457 ☑️Remote code execution (RCE) possible ☑️Some Ivanti products vulnerable, including Connect Secure versions 22.7R2.5 and earlier ☑️https://t.co/ZdemHmQb5V query: title: "IvantiConnect Secure" ☑️Can be addressed through patching and attack surface management (#ASM) 🔎Read more: https://t.co/PG5QrY18ft https://t.co/sT64TnwjAp

    @CriminalIP_KR

    25 Apr 2025

    81 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    24 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    22 Apr 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    21 Apr 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    20 Apr 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. #threatreport #MediumCompleteness UNC5221's Latest Exploit: Weaponizing CVE-2025-22457 in Ivanti Connect Secure | 17-04-2025 Source: https://t.co/963750119Z Key details below ↓ 🧑‍💻Actors/Campaigns: Unc5221 (🧠motivation: information_theft, cyber_espionage) Dragonfish 💀Threats

    @rst_cloud

    18 Apr 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Critical Vulnerability CVE-2025-22457 Exposes 5,000 Ivanti VPN Appliances ⚠️ https://t.co/XWYBdSNxuA Over 5,000 #Ivanti Connect Secure #VPN appliances remain vulnerable to CVE-2025-22457, a critical buffer overflow flaw exploited by Chinese hackers for remote code execution.

    @Huntio

    17 Apr 2025

    195 Impressions

    2 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. UNC5221 exploits CVE-2025-22457 in Ivanti Connect Secure, targeting global networks with custom malware. A critical threat to U.S. organizations and beyond. ⚠️💻 #CyberEspionage #Vulnerability #China link: https://t.co/TFJ0siCzQI https://t.co/9QQdsENn4F

    @TweetThreatNews

    17 Apr 2025

    17 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    17 Apr 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    16 Apr 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. UNC5221 is coming up a ton. The damage from Ivanti's CVE-2025-22457 seems to be quite widespread, and I wonder if more and more is being dug up through IR and forensics. Chinese Hackers Unleash New BRICKSTORM Malware to Target Windows and Linux Systems https://t.co/Bk8x3nEIjW @GBHackers

    @Osint_Rh

    16 Apr 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. #786 Attacks exploiting it also confirmed domestically ~ Vulnerability in Ivanti Connect Secure and others (CVE-2025-22457) - Security Jockey Matsuno https://t.co/oMd4VGT6IQ #Voicy #叱らなきゃいけない時

    @security_radio

    16 Apr 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    16 Apr 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. Time for a CyberByte! A China-nexus APT group exploited critical stack buffer overflow vulnerabilities (CVE-2025-0282 and CVE-2025-22457) in Ivanti Connect Secure VPN appliances. The victims span nearly twenty different industries across twelve countries; the vulnerabilities htt

    @ITISAC

    15 Apr 2025

    134 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    15 Apr 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. It has emerged that a threat actor with suspected ties to China may be actively exploiting a critical vulnerability in Ivanti Connect Secure (CVE-2025-22457) #GoogleCloud https://t.co/qrjduvMpaG

    @kaz_goto

    15 Apr 2025

    128 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    15 Apr 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

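  20. A Chinese APT group exploited critical vulnerabilities in Ivanti VPN (CVE-2025-0282/CVE-2025-22457) to carry out cyber-espionage attacks across 12 countries and about 20 industries worldwide. It used the advanced malware "SPAWNCHIMERA" and stayed hidden for long periods using detection-evasion techniques. https://t.co/SbLVUyGMOV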

    @01ra66it

    14 Apr 2025

    816 Impressions

    2 Retweets

    17 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  21. TeamT5 reported that a China-linked APT group exploited critical vulnerabilities in Ivanti Connect Secure VPN (CVE-2025-0282 and CVE-2025-22457) to breach organizations in 12 countries and 20 industries.

    @yousukezan

    14 Apr 2025

    2063 Impressions

    3 Retweets

    14 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Suspected China-Nexus Threat Actor Actively Exploiting Critical #Ivanti Connect Secure #Vulnerability (CVE-2025-22457) https://t.co/qyD97tEu57

    @club31337

    14 Apr 2025

    239 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

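  23. A China-linked APT group is exploiting Ivanti Connect Secure VPN to breach multiple organizations. Reported by TeamT5. CVE-2025-0282 and CVE-2025-22457 may have been exploited. It uses SPAWNCHIMERA, malware built specifically for Ivanti devices that is shared among Chinese actors. https://t.co/rUHoNRf7fb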

    @__kokumoto

    14 Apr 2025

    3636 Impressions

    9 Retweets

    29 Likes

    16 Bookmarks

    1 Reply

    1 Quote

  24. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    14 Apr 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    13 Apr 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    12 Apr 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices. https://t.co/emrDD25GL9 https://t.co/PBPzcWoRBO

    @persistsec

    12 Apr 2025

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Rapid7 reveals RCE path in Ivanti VPN appliance after silent patch debacle (CVE-2025-22457) https://t.co/25rdTBkKC6 #security #セキュリティ #ニュース

    @SecureShield_

    12 Apr 2025

    273 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed Full Story: https://t.co/lLmk1VuAeu A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated remote code execution (RCE) vulnerability impacting several Ivanti products. A ht

    @The_Cyber_News

    11 Apr 2025

    343 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. GitHub - sfewer-r7/CVE-2025-22457 https://t.co/RnwqvFpKBF

    @akaclandestine

    11 Apr 2025

    1128 Impressions

    5 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  31. CVE-2025-22457 teaches us that spray and pray is still a thing

    @steventseeley

    11 Apr 2025

    3436 Impressions

    0 Retweets

    36 Likes

    7 Bookmarks

    2 Replies

    0 Quotes

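  32. Rapid7 has published technical details and proof-of-concept code for a critical zero-day vulnerability (CVE-2025-22457) in Ivanti Connect Secure. The vulnerability stems from a stack buffer overflow when processing HTTP headers (specifically X-Forwarded-For) and allows remote arbitrary code execution without authentication.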

    @yousukezan

    11 Apr 2025

    1779 Impressions

    4 Retweets

    14 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  33. Ivanti Zero-Day CVE-2025-22457 Exploit Details Released https://t.co/tJjP7qlK85

    @Dinosn

    11 Apr 2025

    5659 Impressions

    31 Retweets

    121 Likes

    25 Bookmarks

    1 Reply

    2 Quotes

  34. CVE-2025-22457 Exploit https://t.co/87Zzr1xpbO

    @Handshaking_py

    11 Apr 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Rapid7 reveals details of Ivanti zero-day CVE-2025-22457, a critical stack-based buffer overflow actively exploited by a China-linked group. Learn about the vulnerability and available patches. https://t.co/is289wV3S2

    @the_yellow_fall

    11 Apr 2025

    832 Impressions

    4 Retweets

    17 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  36. #CybersecurityNEWS🔴👨💻👾 Ivanti has released an urgent patch for its Connect Secure solution, fixing the zero-day vulnerability CVE-2025-22457, which was exploited since mid-March.  See more: https://t.co/D01z0gnoV8 #ciberseguridad #DevelNews https://t.co/dxuAjzG

    @develsecurity

    11 Apr 2025

    110 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. We have just published our AttackerKB @rapid7 Analysis of CVE-2025-22457, an unauth stack buffer overflow in Ivanti Connect Secure. Difficult to exploit due to severe character restrictions, we detail our full RCE technique here: https://t.co/MKx9O90rm2

    @stephenfewer

    10 Apr 2025

    8544 Impressions

    43 Retweets

    90 Likes

    20 Bookmarks

    7 Replies

    4 Quotes

  38. #DOYOUKNOWCVE In the shadows of cyberspace, attackers are already inside. Four critical vulnerabilities are being actively exploited right now, targeting widely used platforms. The threat is real—and urgent. CVE-2025-22457 – Buffer overflow in Ivanti Connect Secure lets https

    @Loginsoft_Inc

    10 Apr 2025

    229 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  39. [1day1line] CVE-2025-22457: X-Forwarded-For Stack Buffer Overflow Vulnerability in Ivanti Connect Secure https://t.co/aXk7DhJnc7 Today’s Vulnerability is CVE-2025-22457 from Ivanti, which is currently being exploited in the wild (ITW). It’s a vulnerability that can be triggered

    @hackyboiz

    10 Apr 2025

    3430 Impressions

    21 Retweets

    45 Likes

    14 Bookmarks

    1 Reply

    0 Quotes

  40. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    10 Apr 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  41. 🚨 CVE-2025-22457: Critical RCE in Ivanti products now under active attack by UNC5221. ⚙️ Exploit: X-Forwarded-For buffer overflow 🧠 Malware: TRAILBLAZE, BRUSHFIRE, SPAWNSLOTH 📉 Impact: Remote code execution, log tampering, SSL interception Read more → https://t.co/NhVUjxa4ta

    @PicusSecurity

    9 Apr 2025

    260 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 🔍 A significant security vulnerability in Ivanti products threatens sensitive systems, identifier CVE-2025-22457. Its impact on Connect Secure, ZTA Gateways and Policy Secure opens the door to cyberattacks. The financial and government sectors are at risk! For more: https://t.co/jq4mjW7UeI #الأمن_السيبراني #الثغرات_الأمنية

    @CYBRAT_NET

    9 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Alert regarding a vulnerability (CVE-2025-22457) in Ivanti Connect Secure and other products https://t.co/I9YQaq4bz4 @jpcert

    @nonfictio_cyber

    8 Apr 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers. https://t.co/MFCg09N630 https://t.co/BQKTw7LOYg

    @persistsec

    8 Apr 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

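  45. In the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog, exploitation of the following vulnerabilities has been confirmed. - Windows: CVE-2018-8639, CVE-2024-30051 - SharePoint: CVE-2024-38094 Also, for CVE-2025-22457 in Ivanti's VPN product line, the required action was changed to one that includes hunting. https://t.co/wQDUw2hGxs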

    @__kokumoto

    7 Apr 2025

    1130 Impressions

    0 Retweets

    6 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  46. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-22457—a critical vulnerability affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways—to its Known Exploited Vulnerabilities (KEV) Catalog. More: https://t.co/DuvO3JbmMo #Hoploninfosec

    @HoplonInfosec

    7 Apr 2025

    105 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-22457 #Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability https://t.co/HfzGwAyPs6

    @ScyScan

    7 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 Ivanti Zero-Day Exploited 🚨 CVE-2025-22457 enables unauthenticated RCE on outdated Connect Secure versions. Patch now to 22.7R2.6. Use Ivanti’s ICT tool to check for compromise. Ongoing attacks linked to UNC5221. Stay protected - https://t.co/BLjQF3JlQW https://t.co/XOMAQcf0

    @SecurityJoes

    7 Apr 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. China-backed UNC5221 is exploiting another Ivanti VPN flaw (CVE-2025-22457). What was once a "low-risk" bug turned into a full-blown RCE vector—actively exploited in the wild before it was even disclosed. Edge devices are under siege. #CyberSecurity #APT https://t.co/1o58kv2nbg

    @Shift6Security

    7 Apr 2025

    116 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  50. https://t.co/C6JBwD03uq Ivanti releases security updates for the Connect Secure, Policy Secure and ZTA gateways vulnerability (CVE-2025-22457). Chinese nation-state hackers

    @palmacci24838

    7 Apr 2025

    58 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations