fkie_cve-2025-22467
Vulnerability from fkie_nvd
Published
2025-02-11 16:15
Modified
2025-02-20 15:53
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivanti | connect_secure | * | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", matchCriteriaId: "82432B1B-F50E-4D85-B4B5-6C91923F1BF9", versionEndIncluding: "22.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", matchCriteriaId: "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", matchCriteriaId: "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", matchCriteriaId: "1EAD1423-4477-4C35-BF93-697A2C0697C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", matchCriteriaId: "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", matchCriteriaId: "865F72BF-57B2-4B0C-BACE-3500E0AE6751", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", matchCriteriaId: "39E11407-E0C0-454F-B731-7DA4CBC696EB", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", matchCriteriaId: "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", matchCriteriaId: "E0059C69-4A18-4153-9D9A-5C1B03AD1453", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", matchCriteriaId: "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*", matchCriteriaId: "3447428E-DBCD-4553-B51D-AC08ECAFD881", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*", matchCriteriaId: "A08BAF98-7F05-4596-8BFC-91F1A79D3BD1", vulnerable: true, }, { criteria: "cpe:2.3:a:ivanti:connect_secure:22.7:r2.5:*:*:*:*:*:*", matchCriteriaId: "40717D97-A062-49C4-B105-C22AAC3A206A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.", }, { lang: "es", value: "Un desbordamiento de búfer basado en pila en Ivanti Connect Secure anterior a la versión 22.7R2.6 permite que un atacante autenticado remoto logre la ejecución remota de código.", }, ], id: "CVE-2025-22467", lastModified: "2025-02-20T15:53:06.133", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 6, source: "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-11T16:15:50.840", references: [ { source: "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", tags: [ "Vendor Advisory", ], url: "https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", }, ], sourceIdentifier: "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.