8 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Stack-Based Buffer Overflow Vulnerability in Ivanti Connect Secure
CVSS Score: 9.9 (Critical)
Identifier: CVE-2025-22467
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2025-22467 – Ivanti Security Advisory
Description: CVE-2025-22467 is a critical stack-based buffer overflow vulnerability in Ivanti Connect Secure versions prior to 22.7R2.6. This flaw allows a remote authenticated attacker to achieve remote code execution, potentially leading to full system compromise. The vulnerability arises from improper handling of user input, which can be exploited to execute arbitrary code on the affected system.
Mitigation Recommendation: Patching is currently the only method of mitigation. Ivanti has released software updates to address this vulnerability. Administrators are advised to update to version 22.7R2.6 or later as specified in the Ivanti Security Advisory. Immediate patching is recommended to prevent potential exploitation.
Note: Given the critical nature of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.
External Control of File Name Vulnerability in Ivanti Connect Secure and Policy Secure
CVSS Score: 9.1 (Critical)
Identifier: CVE-2024-38657
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2024-38657 – Ivanti Security Advisory
Description: CVE-2024-38657 is a critical vulnerability in Ivanti Connect Secure versions prior to 22.7R2.4 and Ivanti Policy Secure versions prior to 22.7R1. This flaw arises from external control of file names, allowing a remote authenticated attacker with administrative privileges to write arbitrary files. Successful exploitation could lead to unauthorized file manipulation, potentially compromising system integrity and confidentiality.
Mitigation Recommendation: Patching is currently the only method of mitigation. Ivanti has released software updates to address this vulnerability. Administrators are advised to update to Ivanti Connect Secure version 22.7R2.4 or later, and Ivanti Policy Secure version 22.7R1 or later, as specified in the Ivanti Security Advisory. Immediate patching is recommended to prevent potential exploitation.
Note: Given the critical nature of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.
Code Injection Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure
CVSS Score: 9.1 (Critical)
Identifier: CVE-2024-10644
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2024-10644 – Ivanti Security Advisory
Description: CVE-2024-10644 is a critical code injection vulnerability affecting Ivanti Connect Secure versions prior to 22.7R2.4 and Ivanti Policy Secure versions prior to 22.7R1.3. This flaw allows a remote authenticated attacker with administrative privileges to achieve remote code execution. Successful exploitation could lead to full system compromise, posing significant risks to confidentiality, integrity, and availability.
Mitigation Recommendation: Patching is currently the only method of mitigation. Ivanti has released software updates to address this vulnerability. Administrators are advised to update to Ivanti Connect Secure version 22.7R2.4 or later, and Ivanti Policy Secure version 22.7R1.3 or later, as specified in the Ivanti Security Advisory Immediate patching is recommended to prevent potential exploitation.
Note: Given the critical nature of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.
