CVE-2025-22467
Published: 11 February 2025
Summary
CVE-2025-22467 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Ivanti Connect Secure. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A stack-based buffer overflow vulnerability tracked as CVE-2025-22467 affects Ivanti Connect Secure prior to version 22.7R2.6. The flaw is assigned CWE-121 and carries a CVSS 3.1 base score of 9.9 reflecting network attack vector, low attack complexity, low privileges required, and changed scope with high impact on confidentiality, integrity, and availability.
Remote authenticated attackers can supply crafted input to trigger the overflow and achieve remote code execution on the appliance. Because the vulnerability is reachable over the network without user interaction, successful exploitation can lead to full system compromise within the affected security perimeter.
The February security advisory published by Ivanti recommends upgrading Ivanti Connect Secure to 22.7R2.6 or later, along with applying corresponding fixes for related products such as Ivanti Policy Secure and Ivanti Secure Access Client.
The EPSS score rose from lower values after disclosure to a peak of 0.7030 on 2026-02-03 before receding to the current 0.2693, indicating that exploitation interest emerged post-publication and that the CVE warrants renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2777
Vulnerability details
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow enabling RCE in public-facing Ivanti Connect Secure VPN application, exploitable remotely by low-privilege authenticated attackers.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the stack-based buffer overflow by requiring timely patching and updating Ivanti Connect Secure to version 22.7R2.6 or later as specified in the advisory.
Implements memory protections like stack canaries, ASLR, and DEP that prevent exploitation of stack-based buffer overflows to achieve remote code execution.
Requires validation of information inputs to the vulnerable software component, reducing the risk of malformed data triggering the buffer overflow.