Ivanti Connect Secure, Policy Secure, ZTA Gateway and Neurons for Secure Access Heap-Based Buffer Overflow Vulnerability Allowing Denial-of-Service

Vulnerability

A heap-based buffer overflow vulnerability has been identified in multiple Ivanti products, including Ivanti Connect Secure (ICS) versions prior to 22.7R2.8 or 22.8R2, Ivanti Policy Secure (IPS) versions prior to 22.7R1.5, Ivanti ZTA Gateway versions prior to 22.8R2.3-723, and Ivanti Neurons for Secure Access versions prior to 22.8R1.4. This vulnerability allows a remote unauthenticated attacker to trigger a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing affected systems to become unresponsive or unavailable.

Remediation

Users of Ivanti Connect Secure should update to version 22.7R2.8 or 22.8R2. Those using Ivanti Policy Secure should update to version 22.7R1.5. For Ivanti ZTA Gateway, version 22.8R2.3-723 is available for download from the controller. Ivanti Neurons for Secure Access has already been updated to version 22.8R1.4 in cloud environments.

Added: Aug 12, 2025, 3:42 PM
Updated: Aug 12, 2025, 3:42 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.