Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HIvanti Connect Secure
APPIvanti22.7< 22.7Ivanti Policy Secure
APPIvanti22.7< 22.7
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
Related vulnerabilities
CVE-2025-22457CRITICAL9.0⚠ KEVPL ✓ten sam produkt
Stack-based buffer overflow w Ivanti Connect Secure, Policy Secure i ZTA Gateways umożliwiający RCE
CVE-2025-0282CRITICAL9.0⚠ KEVPL ✓ten sam produkt
Stack-based buffer overflow RCE w Ivanti Connect Secure, Policy Secure i Neurons for ZTA
CVE-2024-21887CRITICAL9.1⚠ KEVPL ✓ten sam produkt
Command injection w Ivanti Connect Secure i Policy Secure — RCE jako administrator
CVE-2021-22893CRITICAL10.0⚠ KEVten sam produkt
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by...
CVE-2019-11510CRITICAL10.0⚠ KEVten sam produkt
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an...