PT-2025-6242 · Ivanti · Ivanti Connect Secure

Published: 2025-02-11 · Updated: 2026-05-04 · CVE-2025-22467

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ivanti Connect Secure versions prior to 22.7R2.6

Description

A stack-based buffer overflow in Ivanti Connect Secure allows a remote authenticated attacker to achieve remote code execution. The issue is actively exploited. Approximately 3.2 million services are found to be vulnerable, with the top affected countries being the US and Japan. Around 2850 IP addresses are seen unpatched worldwide.

Recommendations

To resolve the issue, download and install Ivanti Connect Secure version 22.7R2.6 or later. As a temporary workaround, consider restricting access to the vulnerable component until a patch is applied.

Fix · RCE · Stack Overflow · Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2025-01566
CVE-2025-22467

Affected Products

Ivanti Connect Secure