Cyber Resilience

CVE-2025-22467

Critical

Published: 11 February 2025

Published
11 February 2025
Modified
20 February 2025
KEV Added
Patch
CVSS Score v3.1 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.2693 96.5th percentile
Risk Priority 36 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22467 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Ivanti Connect Secure. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A stack-based buffer overflow vulnerability tracked as CVE-2025-22467 affects Ivanti Connect Secure prior to version 22.7R2.6. The flaw is assigned CWE-121 and carries a CVSS 3.1 base score of 9.9 reflecting network attack vector, low attack complexity, low privileges required, and changed scope with high impact on confidentiality, integrity, and availability.

Remote authenticated attackers can supply crafted input to trigger the overflow and achieve remote code execution on the appliance. Because the vulnerability is reachable over the network without user interaction, successful exploitation can lead to full system compromise within the affected security perimeter.

The February security advisory published by Ivanti recommends upgrading Ivanti Connect Secure to 22.7R2.6 or later, along with applying corresponding fixes for related products such as Ivanti Policy Secure and Ivanti Secure Access Client.

The EPSS score rose from lower values after disclosure to a peak of 0.7030 on 2026-02-03 before receding to the current 0.2693, indicating that exploitation interest emerged post-publication and that the CVE warrants renewed attention.

EU & UK References

Vulnerability details

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Stack-based buffer overflow enabling RCE in public-facing Ivanti Connect Secure VPN application, exploitable remotely by low-privilege authenticated attackers.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0283Same product: Ivanti Connect Secure
CVE-2025-0282Same product: Ivanti Connect Secure
CVE-2024-10644Same product: Ivanti Connect Secure
CVE-2025-55147Same product: Ivanti Connect Secure
CVE-2025-55142Same product: Ivanti Connect Secure
CVE-2025-55145Same product: Ivanti Connect Secure
CVE-2025-55141Same product: Ivanti Connect Secure
CVE-2024-35279Same product class: VPN / SSL gateway
CVE-2026-8110Same vendor: Ivanti
CVE-2025-24472Same product class: VPN / SSL gateway

Affected Assets

ivanti
connect secure
22.7 · ≤ 22.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the stack-based buffer overflow by requiring timely patching and updating Ivanti Connect Secure to version 22.7R2.6 or later as specified in the advisory.

prevent

Implements memory protections like stack canaries, ASLR, and DEP that prevent exploitation of stack-based buffer overflows to achieve remote code execution.

prevent

Requires validation of information inputs to the vulnerable software component, reducing the risk of malformed data triggering the buffer overflow.

References