Ivanti Connect Secure Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Ivanti Connect Secure (ICS) versions prior to 22.7R2.6. This vulnerability allows remote authenticated attackers to execute arbitrary code on the affected system.

Impact

Exploitation of this vulnerability leads to unauthorized remote code execution on the affected system.

Remediation

Users can upgrade to Ivanti Connect Secure version 22.7R2.6 to address this vulnerability. The update is available through the Ivanti Download Portal.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 7.5
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.9
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.