On February 11, 2025, Ivanti disclosed ten vulnerabilities in its Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Cloud Services Appliance (CSA) products, with four critical vulnerabilities (CVSS 9.1 or higher) detailed. These vulnerabilities primarily require user authentication and administrative privileges for exploitation. Organizations should prioritize applying patches to mitigate these critical risks. Affected: Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Cloud Services Appliance
Keypoints :
- Ten vulnerabilities disclosed by Ivanti on February 11, 2025.
- Four vulnerabilities rated critical with a CVSS score of 9.1 or higher.
- CVE-2025-22467 allows remote code execution (RCE) via a stack-based overflow in Ivanti Connect Secure.
- CVE-2024-38657 and CVE-2024-10644 allow RCE and arbitrary file write vulnerabilities in Ivanti Connect Secure and Policy Secure.
- CVE-2024-47908 enables RCE in Ivanti CSA’s admin web console.
- All critical vulnerabilities require authentication; most require administrative privileges.
- No known active exploitation of these vulnerabilities at the time of disclosure.
- Organizations are advised to apply patches from Ivanti’s Security Advisories quickly.
- A significant number of potentially vulnerable Ivanti Connect Secure and Cloud Services Appliance instances observed online.
MITRE Techniques :
- TA0002: Execution – Exploitation of vulnerabilities (CVE-2025-22467, CVE-2024-10644, CVE-2024-38657, CVE-2024-47908) allows attackers to achieve remote code execution.
- TA0001: Initial Access – The vulnerabilities generally require an attacker to have authenticated access to exploit them.
- TA0003: Persistence – By exploiting CVE-2024-38657, attackers may write arbitrary files, leading to potential persistence on the system.
Indicator of Compromise :
- [CVE-ID] CVE-2025-22467
- [CVE-ID] CVE-2024-38657
- [CVE-ID] CVE-2024-10644
- [CVE-ID] CVE-2024-47908
Full Story: https://censys.com/cve-2025-22467/
Views: 39