1.0 Introduction
Ivanti has recently released critical security updates addressing CVE-2025-22457, which affects multiple products including Ivanti Connect Secure (ICS) VPN appliances, Pulse Connect Secure, Ivanti Policy Secure, and ZTA gateways.
2.0 Impact
The flaw is a stack-based buffer overflow that allows unauthenticated remote attackers to achieve remote code execution (RCE).
3.0 Affected Products
- Ivanti Connect Secure versions 22.7R2.5 and prior
- Pulse Connect Secure (EoS) versions 9.1R18.9 and prior
- Ivanti Policy Secure versions 22.7R1.3 and prior
- ZTA Gateways versions 22.8R2 and prior
4.0 Indicators of Compromise (IOCs)
| Code Family | MD5 | Filename | Description |
|---|---|---|---|
| TRAILBLAZE | 4628a501088c31f53b5c9ddf6788e835 | /tmp/.i | In-memory dropper |
| BRUSHFIRE | e5192258c27e712c7acf80303e68980b | /tmp/.r | Passive backdoor |
| SPAWNSNARE | 6e01ef1367ea81994578526b3bd331d6 | /bin/dsmain | Kernel extractor & encryptor |
| SPAWNWAVE | ce2b6a554ae46b5eb7d79ca5e7f440da | /lib/libdsupgrade.so | Implant utility |
| SPAWNSLOTH | 10659b392e7f5b30b375b94cae4fdca0 | /tmp/.liblogblock.so | Log tampering utility |
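As an added example (not part of this advisory and not a vendor tool), the following Python script checks a filesystem root for the five IOC paths in the table above and compares the MD5 of anything found against the listed hashes. It assumes it is run against a mounted forensic copy or the root passed on the command line, and reads the SPAWNSNARE path as /bin/dsmain.

```python
"""Host-based check for the CVE-2025-22457 post-exploitation IOCs listed above."""
import hashlib
import os

# IOC table transcribed from the advisory: (code family, MD5, path, description)
IOCS = [
    ("TRAILBLAZE", "4628a501088c31f53b5c9ddf6788e835", "/tmp/.i", "In-memory dropper"),
    ("BRUSHFIRE", "e5192258c27e712c7acf80303e68980b", "/tmp/.r", "Passive backdoor"),
    ("SPAWNSNARE", "6e01ef1367ea81994578526b3bd331d6", "/bin/dsmain", "Kernel extractor & encryptor"),
    ("SPAWNWAVE", "ce2b6a554ae46b5eb7d79ca5e7f440da", "/lib/libdsupgrade.so", "Implant utility"),
    ("SPAWNSLOTH", "10659b392e7f5b30b375b94cae4fdca0", "/tmp/.liblogblock.so", "Log tampering utility"),
]

def md5_of(path, chunk=1 << 20):
    """Stream the file through MD5 so large binaries do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root="/"):
    """Return one finding per IOC path that exists under `root` (assumed to be
    "/" on a live host, or the mount point of a disk image).

    A file at one of these paths is suspicious on its own (several are hidden
    dotfiles in /tmp); an MD5 match against the advisory confirms the sample.
    A hash mismatch means a different build, not a clean host.
    """
    findings = []
    for family, known_md5, ioc_path, desc in IOCS:
        local = os.path.join(root, ioc_path.lstrip("/"))
        if not os.path.isfile(local):
            continue
        actual = md5_of(local)
        findings.append({
            "family": family, "path": ioc_path, "description": desc,
            "md5": actual, "hash_match": actual == known_md5,
        })
    return findings

if __name__ == "__main__":
    import sys
    for f in scan(sys.argv[1] if len(sys.argv) > 1 else "/"):
        verdict = "MATCH" if f["hash_match"] else "path present, hash differs"
        print(f'{f["family"]:<11} {f["path"]:<22} {f["md5"]}  {verdict}')
```

Any hit, hash match or not, should be followed by the vendor's Integrity Checker Tool run and the preservation of the appliance for incident response rather than an in-place cleanup.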
5.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the Ivanti security release for more information and apply the necessary updates.
Kindly refer to the following URLs for more information:
Generally, Cyber999 advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies when determining which updates should be applied.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 - 17:30 MYT
Web: https://www.mycert.org.my
6.0 References
- https://www.ivanti.com/blog/topics/security-advisory
- https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US
- https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/