CVE-2025-22457

Published Apr 3, 2025

Last updated 3 hours ago

Exploit known
CVSS critical 9.0
Ivanti
Connect Secure
Policy Secure

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. It allows a remote, unauthenticated attacker to execute arbitrary code on the target device. The vulnerability is exploitable over the network against the impacted appliances. Exploitation of CVE-2025-22457 has been observed in the wild, with attackers using a shell script dropper to inject the BRUSHFIRE passive backdoor into a running web process.

Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9
Impact score: 6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Exploit added on: Apr 4, 2025
Exploit action due: Apr 11, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-121

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

53

  1. 🚨 CVE-2025-22457 ⚠️🔴 CRITICAL (9) 🏢 Ivanti - Connect Secure 🏗️ 22.7R2.6 🔗 https://t.co/yotFa5zek1 #CyberCron #VulnAlert #InfoSec https://t.co/HaGk2oKLPM

    @cybercronai

    5 Apr 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨CISA just added Ivanti Connect Secure, Policy Secure and ZTA Gateways to its🛡️KEV Catalog because of Stack-Based Buffer Overflow (CVE-2025-22457) Read our annotated CVE Report at https://t.co/WU2FWwxE4i and consult our A.I. and Q & A for mitigations #Cybersecurity #InfoS

    @BaseFortify

    4 Apr 2025

    72 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Critical Ivanti vulnerability CVE-2025-22457 exploited to deploy TRAILBLAZE and BRUSHFIRE malware. Users urged to patch immediately. #CyberSecurity #Ivanti #Malware #CVE202522457 https://t.co/nsIFXjomon https://t.co/tssJShgXZY

    @dailytechonx

    4 Apr 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Ivanti Corporate VPN software patched CVE-2025-22457. At the time, the vulnerability was not considered to be exploitable. Mandiant now published a blog disclosing that the vulnerability was exploited as soon as mid-March. All they had to do was just reverse engineer the patch h

    @CareWeDoNot

    4 Apr 2025

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Stack-based buffer overflow in Ivanti products CVE-2025-22457 Connect Secure, 22.7R2.5 and earlier Pulse Connect Secure, 9.1R18.9 and earlier Policy Secure, 22.7R1.3 and earlier; Neurons for ZTA Gateways, versions 22.8R2 https://t.co/UIDaOS7NdL https://t.c

    @elhackernet

    4 Apr 2025

    14 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  6. Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457) - watchTowr Labs https://t.co/pFf0TeTHuo https://t.co/0RRoPh0PF1

    @secharvesterx

    4 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Security Alert: Active Exploitation of Ivanti Vulnerability (CVE-2025-22457) A critical vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways is now under active exploitation by threat actors. 🔗 Full advisory from Ivanti: https://t.co/VLhZ1aenLE https://t.co/

    @smarttech247

    4 Apr 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. #BUGBOARD is here!💡 🚨Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware: Ivanti has patched a critical security vulnerability (CVE-2025-22457) in its Connect Secure, Policy Secure, and ZTA Gateways products. Link: https://t.co/qtIjAMbbCU

    @bugbreport

    4 Apr 2025

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. A critical security flaw (CVE-2025-22457) in Ivanti's Connect Secure systems is being exploited to deploy TRAILBLAZE and BRUSHFIRE malware, linked to China’s UNC5221 group. Stay vigilant! 🔐💻 #Ivanti #UNC5221 #China link: https://t.co/HgNquJeFWf https://t.co/isoxtYbSK9

    @TweetThreatNews

    4 Apr 2025

    175 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-22457: Ivanti Connect Secure, 9.0 rating, unauthenticated RCE🔥 👉 Dork: http.body:"welcome.cgi?p=logo" I will notify you all once i will get the actual nuclei template! Vendor's advisory: https://t.co/3H8psbOQ4x #bugbounty #bugbountytips #rce #cve #vulnerability #hack

    @darkshadow2bd

    4 Apr 2025

    230 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. After the disclosure of CVE-2025-22457, exploited since mid-March in Ivanti/Pulse Connect Secure, I checked the latest exposed servers. 12,471 are up today, 66% (8,246) are vulnerable, and alarmingly, about 50% (6,049) remain on pre-9.x versions EOL since Dec 2024. https://t.co/Z

    @nekono_naha

    4 Apr 2025

    1175 Impressions

    4 Retweets

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  12. Ivanti releases a patch for the Connect Secure zero-day vulnerability that a China-linked espionage actor has been exploiting since mid-March (CVE-2025-22457) https://t.co/SqYmw2P8x1 #Security #セキュリティ #ニュース

    @SecureShield_

    4 Apr 2025

    271 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. UNC5221 exploits Ivanti zero-day (CVE-2025-22457) to deploy TRAILBLAZE & BRUSHFIRE malware—active attacks on unpatched systems. Immediate action required: https://t.co/zsufar7Jf3 #CyberSecurity #APT

    @adriananglin

    4 Apr 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-22457: RCE in Ivanti Connect Secure, 9.0 rating 🔥 A buffer overflow in Ivanti Connect Secure allows an unauthenticated attacker to perform remote code execution. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/AsYvbtlqzN #cybersecurity #vulnerability_map htt

    @Netlas_io

    4 Apr 2025

    924 Impressions

    3 Retweets

    11 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Critical Ivanti flaw (CVE-2025-22457, CVSS 9.0) actively exploited to deploy TRAILBLAZE & BRUSHFIRE malware. Patch ASAP! Details👇 🔗 https://t.co/eIgzVPDRfc #CyberSecurity #InfoSec https://t.co/eIgzVPDRfc

    @SalvadorCloud

    4 Apr 2025

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🔥 New Ivanti ZERO-DAY exploited in the wild — China-linked UNC5221 hits Connect Secure (CVE-2025-22457, CVSS 9.0). 💣 Exploits spotted mid-March by Mandiant. 🕵️‍♂️Malware: TRAILBLAZE, BRUSHFIRE, SPAWN. 🎯 Persistence. Credential theft. Data exfiltration. ⚡ Patch now | See ful

    @TheHackersNews

    4 Apr 2025

    15532 Impressions

    29 Retweets

    55 Likes

    9 Bookmarks

    1 Reply

    2 Quotes

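  17. Investigated CVE-2025-22457 in Ivanti/Pulse Connect Secure, which has been exploited since at least around mid-March. As of today's survey, 12471 devices are still running globally, of which 66% (8246 devices) are affected by this vulnerability. In addition, at least 1957 devices are running in an EOL state, and Japan has the highest number and rate of EOL devices in use 💀 https://t.co/LgmFzGD8aM https://t.co/dH8FkVuLTR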

    @nekono_naha

    4 Apr 2025

    6237 Impressions

    21 Retweets

    55 Likes

    14 Bookmarks

    1 Reply

    0 Quotes

  18. #threatreport #MediumCompleteness Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) | 03-04-2025 Source: https://t.co/EVOla1aviw Key details below ↓ 🧑‍💻Actors/Campaigns: Unc5221 (🧠motivation: cyber_espionage)

    @rst_cloud

    4 Apr 2025

    309 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. This is only "in hindsight" for the current Ivanti case (CVE-2025-22457), but how to think about silent fixes in vulnerability response is a tricky question.

    @autumn_good_35

    4 Apr 2025

    3175 Impressions

    0 Retweets

    14 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

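  20. We have published an alert regarding a vulnerability (CVE-2025-22457) in Ivanti Connect Secure and other products. Versions such as the 9.1 series, for which support has already ended, are affected, and attacks believed to exploit this vulnerability have occurred against hosts in Japan as well. Users of the products should carry out investigations such as checking for compromise. ^KK https://t.co/lLSlTyyTuV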

    @jpcert

    4 Apr 2025

    4785 Impressions

    14 Retweets

    22 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  21. Combined edition JPCERT/CC | Alert: Alert regarding a vulnerability (CVE-2025-22457) in Ivanti Connect Secure and other products (published) https://t.co/ni2aZzGstX #itsec_jp

    @itsec_jp

    4 Apr 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Alert: Alert regarding a vulnerability (CVE-2025-22457) in Ivanti Connect Secure and other products (published) https://t.co/mhYFSGyWlh

    @AileenWoodstock

    4 Apr 2025

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. The popular article for 2025-04-03 was this one. (automated tweet) #Hacker_Trends ――― Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) | Google Cloud Blog https://t.co/1goHjlgmtO https://t.co/WojppGCQ5U

    @motikan2010

    4 Apr 2025

    241 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Actively exploited CVE : CVE-2025-22457

    @transilienceai

    4 Apr 2025

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. A fix has been released for the Ivanti RCE vulnerability CVE-2025-22457. The affected products are as follows. ・Ivanti Connect Secure (versions 22.7R2.5 and earlier) ・Pulse Connect Secure 9.x (*support ended on December 31, 2024) ・Ivanti Policy Secure ・Ivanti ZTA Gateways https://t.co/8eM3Mcpb4H https://t.co/TzNnDuLJoH

    @t_nihonmatsu

    3 Apr 2025

    379 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

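  26. It has come to light that a China-linked cyber-espionage group is exploiting a vulnerability (CVE-2025-22457) in Ivanti's Connect Secure, Policy Secure, and ZTA Gateway products to deploy new malware. Ivanti has raised its risk assessment and recommends updating immediately. https://t.co/Zyf784rBTr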

    @01ra66it

    3 Apr 2025

    1549 Impressions

    4 Retweets

    11 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  27. 🚨 Urgent: A critical RCE vulnerability (CVE-2025-22457) in Ivanti VPN appliances is being exploited by a Chinese APT group. Customers must patch to avoid potential attacks! ⚠️ #Ivanti #RCE #China link: https://t.co/pvs6JrI4oy https://t.co/gUHHegZDbV

    @TweetThreatNews

    3 Apr 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457) https://t.co/xof9IVUTQ0

    @stephenmarriott

    3 Apr 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 New CVE Alert: CVE-2025-22457 @Mandiant confirms active exploitation of a critical Ivanti Connect Secure RCE vulnerability by suspected China-nexus actor UNC5221. Involves custom malware (TRAILBLAZE, BRUSHFIRE) and the SPAWN ecosystem. 📌 CVE: https://t.co/NToaYLEr0k 📊 136K+

    @modat_magnify

    3 Apr 2025

    52 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 New CVE Alert: CVE-2025-22457 @Mandiant confirms active exploitation of a critical Ivanti Connect Secure RCE vulnerability by suspected China-nexus actor UNC5221. Involves custom malware (TRAILBLAZE, BRUSHFIRE) and the SPAWN ecosystem. 📌 CVE: https://t.co/NToaYLDTaM 📊

    @modat_magnify

    3 Apr 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. #Ivanti VPN #customers targeted via unrecognized RCE vulnerability (#CVE-2025-22457) https://t.co/qyaW2GbGEL

    @ScyScan

    3 Apr 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨 Ivanti has patched a critical zero-day vulnerability (CVE-2025-22457) exploited by a Chinese hacking group. Multiple products affected. Update urgently to protect against active malware attacks. 🔒 #Ivanti #China #MalwareThreats link: https://t.co/QLEjzvdYzF https://t.co/K8mR

    @TweetThreatNews

    3 Apr 2025

    112 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  33. Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) https://t.co/cmqk9946vv https://t.co/GL1LcQMO8m

    @secharvesterx

    3 Apr 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🚨 Ivanti Vulnerability (CVE-2025-22457) Actively Exploited Mandiant & Ivanti discovered active exploitation of a critical buffer overflow vulnerability in Ivanti Connect Secure VPN, leading to remote code execution. Patch now to secure your systems: https://t.co/iV4rj8KtWJ

    @Mandiant

    3 Apr 2025

    3712 Impressions

    19 Retweets

    41 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  35. CVE-2025-22457 is a critical stack-based buffer overflow vulnerability affecting Ivanti Connect Secure VPN appliances, Pulse Connect Secure, Ivanti Policy Secure, and ZTA gateways. Exploitation has been observed in the wild. #Thre... https://t.co/o2VcnrbwIe

    @RedLegg

    3 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Stack-based buffer overflow in Ivanti Connect Secure (CVE-2025-22457) CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti's "Ivanti Connect Secure (ICS)", "Policy Secure", "ZTA Gateways" and other products, and it allows remote code execution (RCE).

    @ken_j_4p

    3 Apr 2025

    120 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  37. Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) https://t.co/ra7BKZNT5i @Mandiant

    @780thC

    3 Apr 2025

    2148 Impressions

    16 Retweets

    36 Likes

    5 Bookmarks

    1 Reply

    0 Quotes

  38. ⚠️CERT-FR Alert⚠️ The vulnerability CVE-2025-22457 affects Ivanti products and allows an unauthenticated attacker to execute arbitrary code remotely. This vulnerability is being actively exploited. https://t.co/49u2OfrUut

    @CERT_FR

    3 Apr 2025

    6857 Impressions

    11 Retweets

    14 Likes

    3 Bookmarks

    0 Replies

    2 Quotes

  39. Another Ivanti flaw (CVE-2025-22457)! 😡 Fed up with these endless vulnerabilities. When will security be a priority? 🔒 #Cybersec #Ivanti 👇 https://t.co/JE2eYmDcFC

    @_F2po_

    3 Apr 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Yet another critical Ivanti flaw (CVE-2025-22457)! Fed up with these recurring vulnerabilities. When will security be a priority? #Cybersecu #Ivanti 👇 https://t.co/JE2eYmDcFC

    @_F2po_

    3 Apr 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Vulnerable edge devices attract threat actors like honey. UNC5221 China-linked actively exploiting CVE-2025-22457 (CVSS 9.0) a critical Ivanti VPN vulnerability since mid-March 2025. Patch version 22.7R2.6 #CVE #Exploited #POC #patch #vulnerability https://t.co/NnTSS5yzOy

    @MarioRojasChin

    3 Apr 2025

    241 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  42. Fresh off the press today is a new blog detailing our observations from in the wild exploitation of CVE-2025-22457 by UNC5221 that includes two newly observed malware families tracked as BRUSHFIRE and TRAILBLAZE. https://t.co/3GyFL1cWCo

    @Big_Bad_W0lf_

    3 Apr 2025

    968 Impressions

    7 Retweets

    26 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  43. [CVE-2025-22457: CRITICAL] Stack-based buffer overflow in Ivanti Connect Secure, Policy Secure, and ZTA Gateways allows remote unauthenticated attackers to perform remote code execution.#cybersecurity,#vulnerability https://t.co/CUbrEqPoIq https://t.co/Fb2zpRxsiU

    @CveFindCom

    3 Apr 2025

    142 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 🚨 Threat Alert: Exploitation of Ivanti Connect Secure Vulnerability (CVE-2025-22457) by China-Nexus Threat Actor 📅 Date: 2025-03-15 to 2025-04-03 📌 Attribution: UNC5221 (suspected China-nexus espionage actor) 📝 Summary: A critical security vulnerability, CVE-2025-22457, in

    @syedaquib77

    3 Apr 2025

    121 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. #Haavoittuvuus 09/2025 🌐 Exploitation of the Ivanti Connect Secure vulnerability (CVE-2025-22457) has been observed in older versions, update your software immediately! https://t.co/6CpIXQAYtm

    @CERTFI

    3 Apr 2025

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 🚨 Critical Ivanti VPN vuln CVE-2025-22457 is under active attack! Threat actors are deploying new malware like TRAILBLAZE & BRUSHFIRE. Patch IMMEDIATELY! Version 22.7R2.6 fixes this. More info & IOCs: 👇 #cybersecurity #threatintel #ivanti https://t.co/tJz2dsOMNM

    @fernandokarl

    3 Apr 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes