Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely

Ivanti has disclosed a critical vulnerability, CVE-2025-22467, impacting its Connect Secure (ICS) product. This stack-based buffer overflow vulnerability, rated 9.9 (Critical) on the CVSS v3.1 scale, allows remote authenticated attackers to execute arbitrary code on affected systems.
The flaw is present in versions up to 22.7R2.5 and has been addressed in the latest release, 22.7R2.6.
Stack-based Buffer Overflow in Ivanti Connect Secure
CVE-2025-22467 is classified under CWE-121: Stack-Based Buffer Overflow, a common and critical vulnerability type that occurs when data written to a buffer exceeds its allocated size, corrupting adjacent memory locations.
This specific flaw allows attackers with low privileges to exploit the system remotely without user interaction.
The attack vector is network-based, with low complexity, and it can compromise confidentiality, integrity, and availability at a high impact level.
“We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure”, reads the advisory.
Affected Versions and Resolutions
The following table outlines the affected and resolved versions:
| Product Name | Affected Versions | Resolved Versions |
|---|---|---|
| Ivanti Connect Secure | 22.7R2.5 and below | 22.7R2.6 |
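To check an appliance inventory against the affected and resolved versions listed above, the following Python example (added here, not code from Ivanti or the original article) parses ICS version strings and flags anything below 22.7R2.6. The version-string pattern, the function names, and the sample hostnames are assumptions constructed for illustration.

```python
import re

# Fixed release named in the advisory: 22.7R2.6.
FIXED = (22, 7, 2, 6)

# Assumed ICS version shape: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.5
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, release, patch), or None if the string is not recognised."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, release, patch = m.groups()
    # A missing patch component ("22.7R2") is treated as patch 0.
    return (int(major), int(minor), int(release), int(patch or 0))


def classify(text):
    """Classify one version string as 'affected', 'resolved' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"  # do not guess: route to manual review
    # Numeric tuple comparison, so R10 sorts after R2 (a string compare would not).
    return "affected" if parsed < FIXED else "resolved"


def triage(inventory):
    """Group the hosts of a {host: version} mapping by classification."""
    result = {"affected": [], "resolved": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "vpn-a.example.internal": "22.7R2.5",
    "vpn-b.example.internal": "22.7R2.6",
    "vpn-c.example.internal": "22.7R2",
    "vpn-d.example.internal": "22.7R10.1",
    "vpn-e.example.internal": "build 3981",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` have a version string the pattern does not recognise and should be checked by hand rather than assumed safe.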
Mitigation Steps
Ivanti urges all users to update their systems immediately to version 22.7R2.6 or later to mitigate the risk of exploitation. For organizations unable to patch immediately, Ivanti recommends the following interim measures:
- Network Segmentation: Restrict access to vulnerable systems.
- Monitoring: Continuously review logs for unauthorized access or suspicious activities.
- Least Privilege Principle: Limit user account permissions.
- Factory Reset: For compromised devices, perform a factory reset before upgrading.
This disclosure follows a series of vulnerabilities reported in Ivanti products over recent years, including code injection flaws (CVE-2024-10644) and arbitrary file read issues (CVE-2024-12058).
Advanced persistent threat (APT) groups and cybercriminals have historically exploited similar vulnerabilities in Ivanti Connect Secure.
The critical nature of CVE-2025-22467 highlights the importance of maintaining up-to-date software and implementing robust cybersecurity practices.
Organizations using Ivanti Connect Secure should prioritize patching their systems to version 22.7R2.6 or later without delay.
The post Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely appeared first on Cyber Security News.