
New Vulnerability in Ivanti Connect Secure Allows Attackers to Execute Code Remotely
Ivanti has disclosed a critical vulnerability, CVE-2025-22467, in its Connect Secure (ICS) product. The flaw, a stack-based buffer overflow rated 9.9 (Critical) on the CVSS v3.1 scale, allows remote authenticated attackers to execute arbitrary code on vulnerable systems.
This vulnerability falls under CWE-121: Stack-Based Buffer Overflow, which occurs when data written to a memory buffer exceeds its allocated size, corrupting adjacent memory regions. As a result, an attacker could disrupt system operations, modify or delete data, and gain full control over the device.
The most alarming aspect of this flaw is that it can be exploited remotely by attackers with low privileges, without any user interaction. The attack is network-based, has low attack complexity, and poses a high risk to confidentiality, integrity, and availability (the CIA triad).
In an official statement, Ivanti said:
“We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure.”
Ivanti strongly urges users to update their systems to version 22.7R2.6 or later. The following table outlines the affected and resolved versions:
Product | Affected Versions | Fixed Versions |
---|---|---|
Ivanti Connect Secure | 22.7R2.5 and earlier | 22.7R2.6 and later |
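
The version check implied by the table above, as an added example that is not part of the original article or Ivanti's own tooling: it parses ICS version strings and flags appliances below the fixed release. It assumes versions follow the `<major>.<minor>R<release>[.<patch>]` pattern; the function names, hostnames, and inventory are constructed for illustration.

```python
import re

FIXED_VERSION = "22.7R2.6"  # first fixed release per the table above

# Assumption: ICS versions look like <major>.<minor>R<release>[.<patch>].
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)


def parse_ics_version(text):
    """Return (major, minor, release, patch) as ints; raise ValueError if malformed."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised ICS version string: {text!r}")
    # A missing patch component (e.g. "22.7R2") is treated as patch 0.
    return tuple(int(part or 0) for part in match.groups())


def classify(version_text):
    """Return 'affected', 'fixed', or 'unknown' (needs manual review)."""
    try:
        version = parse_ics_version(version_text)
    except ValueError:
        return "unknown"  # never report an unparseable version as fixed
    # Tuples compare numerically, so 22.7R2.10 sorts after 22.7R2.6;
    # a plain string comparison would get that case wrong.
    return "affected" if version < parse_ics_version(FIXED_VERSION) else "fixed"


def triage(inventory):
    """Map each hostname in {host: version_string} to its status."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "vpn-gw-01.example.internal": "22.7R2.5",
    "vpn-gw-02.example.internal": "22.7R2.6",
    "vpn-gw-03.example.internal": "22.7R2.10",
    "vpn-gw-04.example.internal": "22.7R2",
    "vpn-gw-05.example.internal": "build-unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:30} {SAMPLE_INVENTORY[host]:15} {status}")
```

Appliances reported as `unknown` should be checked by hand rather than assumed patched.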
If immediate patching is not possible, Ivanti recommends the following security measures:
✅ Network Segmentation – Restrict access to vulnerable systems and allow connections only from trusted IP addresses.
✅ Log Monitoring & Analysis – Continuously review logs for suspicious activities or unauthorized access attempts.
✅ Principle of Least Privilege – Limit user permissions to only what is necessary.
✅ Factory Reset for Compromised Devices – If a system is suspected to be compromised, perform a full factory reset before upgrading.
Ivanti Connect Secure has faced several critical security flaws in recent years, including:
🔹 CVE-2024-10644 – A code injection vulnerability that allowed attackers to execute malicious commands.
🔹 CVE-2024-12058 – A file-read vulnerability that enabled unauthorized access to sensitive files.
These vulnerabilities have been actively exploited by Advanced Persistent Threat (APT) groups and cybercriminals, raising concerns that CVE-2025-22467 may soon become a target as well.
Cybercriminals are constantly evolving their attack methods, and the newly discovered CVE-2025-22467 vulnerability in Ivanti Connect Secure is yet another example of this growing threat. Since this flaw enables remote attackers to take full control of a system, organizations must prioritize patching their systems to version 22.7R2.6 or later immediately.
Any system that is not updated in a timely manner creates an open door for attackers. Therefore, organizations must regularly assess their security policies, evaluate system vulnerabilities, and implement proactive protection measures.