Essential Update: Ivanti Releases Patches for Critical Connect Secure Vulnerability



Overview of the Security Update

Ivanti recently released important security updates to address a significant remote code execution vulnerability in Connect Secure that has been exploited by espionage actors linked to China since at least mid-March 2025.

Details of the Vulnerability

The vulnerability, identified as CVE-2025-22457, stems from a stack-based buffer overflow issue affecting several Ivanti products including Pulse Connect Secure 9.1x, Ivanti Connect Secure 22.7R2.5 and earlier versions, Policy Secure, and Neurons for ZTA gateways.

This critical flaw, initially underestimated as a less severe bug, has been confirmed to allow remote attacks without needing user authentication, making it particularly dangerous.

Response and Recommendations

Ivanti addressed this flaw by releasing Ivanti Connect Secure 22.7R2.6 on February 11, 2025. The update not only patches the vulnerability but also halts its current exploitation in the wild. Ivanti strongly advises all users to upgrade their systems to the latest version immediately to avoid potential security risks.

Upcoming Patches for Additional Products

Patches for Policy Secure and ZTA Gateways are under development, with expected release dates of April 19 and April 21 respectively. Meanwhile, Ivanti has confirmed that these products are currently not targeted by exploits and face a significantly reduced risk.

Important User Actions

Ivanti recommends that administrators frequently check their Integrity Checker Tool (ICT) for any signs of web server crashes, which may indicate a compromise. In such cases, a factory reset and an upgrade to Ivanti Connect Secure 22.7R2.6 are advisable.

Product Patch Details

  • Ivanti Connect Secure: Affected up to 22.7R2.5, patched in 22.7R2.6 (February 2025)
  • Pulse Connect Secure (End of Support): Up to 9.1R18.9, consult Ivanti for migration options
  • Ivanti Policy Secure: Affected up to 22.7R1.3, patch due April 21
  • ZTA Gateways: Affected up to 22.8R2, patch due April 19
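The list above can be applied to an appliance inventory with a small triage script. This is an added example, not Ivanti tooling or code from the original article: the product keys, hostnames and inventory rows are constructed for illustration, and only the version ceilings and the 22.7R2.6 fix come from the list. Versions are parsed into numeric tuples because a plain string comparison would rank a release such as 22.7R2.10 below 22.7R2.5.

```python
import re

# Ceilings copied from the "Product Patch Details" list; product keys are
# labels invented for this example, not Ivanti identifiers.
AFFECTED_UP_TO = {
    "connect-secure": "22.7R2.5",
    "pulse-connect-secure": "9.1R18.9",
    "policy-secure": "22.7R1.3",
    "zta-gateway": "22.8R2",
}
FIXED_IN = {"connect-secure": "22.7R2.6"}  # the only fix the article lists as released

VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """'22.7R2.5' -> (22, 7, 2, 5); a missing last field counts as 0."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) if part else 0 for part in match.groups())


def triage(product, version):
    """Classify one appliance against the article's affected ranges."""
    ceiling = AFFECTED_UP_TO.get(product)
    if ceiling is None:
        return "manual review"
    try:
        installed = parse_version(version)
    except ValueError:
        return "manual review"  # never guess on an unparseable version
    if installed > parse_version(ceiling):
        return "not in affected range"
    fix = FIXED_IN.get(product)
    return f"affected, upgrade to {fix}" if fix else "affected, no released fix listed"


# Constructed inventory rows: (hostname, product key, reported version).
INVENTORY = [
    ("vpn-edge-01", "connect-secure", "22.7R2.5"),
    ("vpn-edge-02", "connect-secure", "22.7R2.10"),  # sorts below R2.5 as a string
    ("vpn-legacy", "pulse-connect-secure", "9.1R18.9"),
    ("nac-01", "policy-secure", "22.7R1.3"),
    ("zta-01", "zta-gateway", "22.8R2"),
    ("vpn-lab", "connect-secure", "22.7R2.6-custom"),
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(f"{host:12} {product:22} {version:16} {triage(product, version)}")
```

Anything the script cannot parse or does not recognise is routed to manual review rather than being reported as safe.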

Broader Implications

The exploitation of this vulnerability by a Chinese-affiliated cyber espionage group underlines the ongoing threat posed by state-sponsored actors. Enterprise environments utilizing Ivanti’s solutions are particularly urged to heed the lessons of this incident by applying all available updates and maintaining robust monitoring systems.

For more information and to download the necessary patches, please visit Ivanti’s official download portal.

Stay vigilant and ensure your network security systems are up to date to protect against these and other cybersecurity threats.


Last Updated: April 3, 2025