{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-016.pdf"
    },
    "title": "Critical Vulnerability in Ivanti Products",
    "serial_number": "2025-016",
    "publish_date": "03-04-2025 14:57:40",
    "description": "On April 4, 2025, Ivanti released a security advisory regarding a critical vulnerability affecting their products. The vulnerability is known to be exploited in the wild. The vulnerability has been fixed in the February 2025 release and was initially identified as a product bug.<br>\nCERT-EU recommends upgrading to a supported and fixed version of Ivanti products as soon as possible. CERT-EU also recommends reviewing forensic evidence to detect any signs of exploitation.<br>\n",
    "url_title": "2025-016",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in\u00a0Ivanti\u00a0Products'\nnumber: '2025-016'\nversion: '1.0'\noriginal_date: '2025-04-04'\ndate: '2025-04-04'\n---\n\n_History:_\n\n* _04/04/2025 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn April 4, 2025, Ivanti released a security advisory regarding a critical vulnerability affecting their products. The vulnerability is known to be exploited in the wild. The vulnerability has been fixed in the February 2025 release and was initially identified as a product bug.\n\nCERT-EU recommends upgrading to a supported and fixed version of Ivanti products as soon as possible. CERT-EU also recommends reviewing forensic evidence to detect any signs of exploitation.\n\n# Technical Details\n\nThe vulnerability **CVE-2025-22457**, with a CVSS score of 9.0, is a stack-based buffer overflow vulnerability. When exploited, it allows for unauthenticated remote code execution on affected devices.\n\n# Affected Products\n\nThe vulnerability affects the following products and versions:\n\n- Ivanti Connect Secure version 22.7R2.5 and prior\n- Ivanti Connect Secure version 9.1R18.9 and prior (this product has been End of Life since December 31, 2024)\n- Ivanti Policy Secure version 22.7R1.3 and prior\n- ZTA Gateways version 22.8R2 and prior\n\n# Recommendations\n\nCERT-EU recommends upgrading to a supported and fixed version of Ivanti products as soon as possible. CERT-EU also recommends reviewing forensic evidence to detect any signs of exploitation.\n\n## Mitigation\n\nWhen it is not possible to update immediately, CERT-EU recommends restricting access to vulnerable systems to only trusted sources.\n\n# References\n\n[1] <https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US>",
    "content_html": "<p><em>History:</em></p><ul><li><em>04/04/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On April 4, 2025, Ivanti released a security advisory regarding a critical vulnerability affecting their products. The vulnerability is known to be exploited in the wild. The vulnerability has been fixed in the February 2025 release and was initially identified as a product bug.</p><p>CERT-EU recommends upgrading to a supported and fixed version of Ivanti products as soon as possible. CERT-EU also recommends reviewing forensic evidence to detect any signs of exploitation.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2025-22457</strong>, with a CVSS score of 9.0, is a stack-based buffer overflow vulnerability. When exploited, it allows for unauthenticated remote code execution on affected devices.</p><h2 id=\"affected-products\">Affected Products</h2><p>The vulnerability affects the following products and versions:</p><ul><li>Ivanti Connect Secure version 22.7R2.5 and prior</li><li>Ivanti Connect Secure version 9.1R18.9 and prior (this product has been End of Life since December 31, 2024)</li><li>Ivanti Policy Secure version 22.7R1.3 and prior</li><li>ZTA Gateways version 22.8R2 and prior</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends upgrading to a supported and fixed version of Ivanti products as soon as possible. CERT-EU also recommends reviewing forensic evidence to detect any signs of exploitation.</p><h3 id=\"mitigation\">Mitigation</h3><p>When it is not possible to update immediately, CERT-EU recommends restricting access to vulnerable systems to only trusted sources.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US\">https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}