CVE-2025-22457: Ivanti Connect Secure, Policy Secure, and ZTA Gateways
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability. Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.
- CISA KEV-listed (remediation due 2025-04-11)
- used in ransomware campaigns
- EPSS 58.9% (98.3% percentile)