Over 3,000 Ivanti Connect Secure setups found vulnerable to a severe security issue.

Unpatched VPNs Affected by CVE-2025-22467 Prevalent in U.S.

Thousands of Ivanti Connect Secure installations are found to be susceptible to a severe vulnerability.

A critical security flaw, CVE-2025-22467, has been identified in Ivanti Connect Secure VPN systems. Since its public disclosure on July 6, 2025, there has been active observation of its exploitation [3]. If exploited, the vulnerability could compromise the VPN system, posing serious security risks.

The vulnerability also impacts Ivanti Policy Secure versions prior to 22.7R1.3, allowing a remote authenticated attacker with admin privileges to write arbitrary files [2]. Ivanti disclosed and patched this vulnerability on February 11, 2025.

Organisations using Ivanti Connect Secure VPN are strongly advised to ensure they have applied the latest patches to mitigate this actively exploited vulnerability. Ivanti has provided mitigation steps that greatly reduce the risk of exploitation. As of now, CVE-2025-22467 has not yet been attacked in the wild.

Recent years have seen Ivanti devices targeted by various cyber threat actors. Last month, a zero-day vulnerability in multiple Ivanti products, including Connect Secure, was exploited by multiple threat groups. In October, three zero-day vulnerabilities in the Ivanti Cloud Service Appliance were chained together and exploited by attackers.

Ivanti sent a statement to Cybersecurity Dive in response to the report that 2,850 instances vulnerable to CVE-2025-22467 remained two weeks after its public disclosure. The statement emphasised Ivanti's commitment to overhauling its operations to develop more secure products.

According to a report by Shadowserver, approximately 2,850 IP addresses are vulnerable to CVE-2025-22467, a critical stack buffer-overflow vulnerability in Ivanti Connect Secure VPNs. The U.S. and Japan have the highest number of vulnerable IP addresses, with 852 and 384 instances, respectively.

Ivanti encourages customers who haven't patched according to the provided instructions to do so. Exploitation of CVE-2025-22467 can allow a remote authenticated attacker to achieve remote code execution. The editor's note indicates that this story has been updated with comments from Ivanti.

In conclusion, while there has been no evidence of exploitation of CVE-2025-22467 to date, its potential consequences make it a serious concern. Organisations using Ivanti Connect Secure VPN are advised to apply the latest patches to protect their systems. Ivanti has pledged to improve its security measures to prevent such vulnerabilities in the future.

  1. Despite no current instances of CVE-2025-22467 exploitation, its potential impact on Ivanti Connect Secure VPN systems necessitates immediate patching to safeguard against any possible cybersecurity threats.
  2. The vulnerability in Ivanti Connect Secure VPN, CVE-2025-22467, if exploited, could potentially allow a remote authenticated attacker to execute arbitrary code, underlining the significance of vigilant cybersecurity measures and technology adoption in mitigating these risks.
