In early April 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability, identified as CVE-2025-22457, to its Known Exploited Vulnerabilities Catalog. This vulnerability affects Ivanti's Connect Secure, Policy Secure, and ZTA Gateways, posing significant risks due to active exploitation in the wild.
Understanding CVE-2025-22457
CVE-2025-22457 is a stack-based buffer overflow vulnerability present in Ivanti Connect Secure versions prior to 22.7R2.6, Ivanti Policy Secure versions before 22.7R1.4, and Ivanti ZTA Gateways versions before 22.8R2.2. This flaw allows remote, unauthenticated attackers to execute arbitrary code on affected systems, potentially leading to full system compromise. The vulnerability has been assigned a critical severity score of 9.0 out of 10, underscoring its potential impact. (cvefind.com)
Exploitation in the Wild
Evidence indicates that the Chinese state-sponsored cyber-espionage group UNC5221 has actively exploited CVE-2025-22457. The group has deployed malware variants such as TRAILBLAZE, an in-memory dropper, and BUSHFIRE, a passive backdoor, to infiltrate vulnerable systems. These attacks have been observed since mid-March 2025, following the release of patches in February 2025. (techradar.com)
Ivanti's Response and Patching
Ivanti addressed this vulnerability by releasing patches in February 2025. The fixed versions are:
- Ivanti Connect Secure: 22.7R2.6
- Ivanti Policy Secure: 22.7R1.4
- Ivanti ZTA Gateways: 22.8R2.2
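A defender's first job with an advisory like this is to find which appliances in the estate are still below the fixed build. The following script is an added example, not code from CISA or Ivanti: it parses version strings in the dotted "R" format used above (22.7R2.6 and so on), compares them numerically against the fixed versions listed in the advisory, and triages a constructed inventory. The inventory hostnames and versions are made up for illustration, and the assumption that every version string follows the MAJOR.MINOR R RELEASE.PATCH shape is the script's own; any other shape is rejected rather than guessed.

```python
import re
from typing import Dict, List, Tuple

# Fixed versions as listed in the advisory text for CVE-2025-22457.
FIXED_VERSIONS: Dict[str, str] = {
    "Ivanti Connect Secure": "22.7R2.6",
    "Ivanti Policy Secure": "22.7R1.4",
    "Ivanti ZTA Gateways": "22.8R2.2",
}

# Assumption: versions look like 22.7R2.6 (major.minor R release.patch).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)\.(\d+)$")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '22.7R2.6' into (22, 7, 2, 6) so components compare as integers.

    A plain string comparison would rank '22.7R2.10' below '22.7R2.6';
    integer tuples avoid that mistake. Unrecognised shapes raise ValueError.
    """
    match = _VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(product: str, version: str) -> bool:
    """True when `version` of `product` is older than the fixed version."""
    fixed = FIXED_VERSIONS[product]  # KeyError for products not in the advisory
    return parse_version(version) < parse_version(fixed)


def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return only the inventory rows that still need the CVE-2025-22457 patch.

    Rows whose version cannot be parsed are kept and flagged, because an
    unparseable version is a gap in asset data, not evidence of safety.
    """
    needs_action = []
    for row in inventory:
        try:
            vulnerable = is_vulnerable(row["product"], row["version"])
            status = "update required" if vulnerable else "patched"
        except ValueError:
            vulnerable, status = True, "unparseable version, verify manually"
        if vulnerable:
            needs_action.append({**row, "status": status})
    return needs_action


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    {"host": "vpn-01.example.test", "product": "Ivanti Connect Secure", "version": "22.7R2.5"},
    {"host": "vpn-02.example.test", "product": "Ivanti Connect Secure", "version": "22.7R2.6"},
    {"host": "nac-01.example.test", "product": "Ivanti Policy Secure", "version": "22.7R1.3"},
    {"host": "zta-01.example.test", "product": "Ivanti ZTA Gateways", "version": "22.8R2.2"},
    {"host": "zta-02.example.test", "product": "Ivanti ZTA Gateways", "version": "unknown"},
]


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f'{row["host"]:<22} {row["product"]:<24} {row["version"]:<10} {row["status"]}')
```

Feed the script a real export from your asset inventory in place of SAMPLE_INVENTORY; the important design choice is that unparseable versions are surfaced rather than silently treated as patched.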
CISA's Recommendations
CISA urges organizations to apply the necessary mitigations, conduct thorough hunt activities, and take appropriate remediation actions. Organizations should report any incidents or anomalous activities to CISA's 24/7 Operations Center.
Broader Implications
The exploitation of CVE-2025-22457 highlights the persistent threats posed by state-sponsored actors targeting critical infrastructure. It underscores the importance of timely patch management and proactive security measures to protect against sophisticated cyber threats.
In conclusion, organizations utilizing Ivanti's Connect Secure, Policy Secure, and ZTA Gateways must prioritize updating their systems to the latest versions to mitigate the risks associated with CVE-2025-22457. Continuous monitoring and adherence to security advisories are essential in safeguarding against such vulnerabilities.
Source: www.cisa.gov CISA Adds One Vulnerability to the KEV Catalog | CISA