A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.
2025-07-08T15:15:31.817
2025-07-15T13:10:56.463
Analyzed
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CVSSv3.1: 4.9 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ivanti | connect_secure | < 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | < 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |