Ivanti Products Remote Code Execution Vulnerability
Release Date: 7 Apr 2025
RISK: Extremely High Risk
TYPE: Operating Systems - Networks OS
A vulnerability has been identified in Ivanti Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
Note:
CVE-2025-22457 is being exploited in the wild. A remote, unauthenticated attacker could exploit this vulnerability to trigger execute code on the target device.
Impact
- Remote Code Execution
System / Technologies affected
Versions prior or equal to:
- Pulse Connect Secure version 9.1R18.9 (end-of-support)
- Ivanti Connect Secure version 22.7R2.5
- Ivanti Policy Secure version 22.7R1.3
- ZTA Gateways version 22.8R2
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://www.ivanti.com/blog/security-update-pulse-connect-secure-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
- https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457
Vulnerability Identifier
Source
Related Link
- https://www.ivanti.com/blog/security-update-pulse-connect-secure-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
- https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-22457
沒有留言:
發佈留言