CVE-2025-22467HIGH 8.8EPSS p88.3%

CVE-2025-22467CVE-2025-22467

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS3.71% probability of exploitation · percentile 88.3% · 2026-06-19T12:03:05Z
Published2025-02-11
Last modified2025-02-20

Underlying weaknesses· 1

CWE-121

References

  1. https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

1

TypeTargetConfidenceTier
WeaknessStack-based Buffer Overflowcwe-1210%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
CVE
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
CVE
CVE-2026-8992
CVE
CVE-2025-22466
CVE
CVE-2025-9713
CVE
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.