Description
A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- Ivanti / Connect Secure22.7R2.8 – 22.7R2.8
- Ivanti / Connect Secure22.8R2 – 22.8R2
- Ivanti / Neurons for Secure Access22.8R1.4 (Fix deployed on 02-Aug-2025) – 22.8R1.4 (Fix deployed on 02-Aug-2025)
- Ivanti / Policy Secure22.7R1.5 – 22.7R1.5
- Ivanti / ZTA Gateway22.8R2.3-723 – 22.8R2.3-723