Ivanti Addresses Critical Vulnerabilities Affecting Several Products

Ivanti Addresses Critical Vulnerabilities Affecting Several Products

Ivanti Addresses Critical Vulnerabilities Affecting Several Products

Ivanti has disclosed critical vulnerabilities in its Connect Secure, Policy Secure, Secure Access Client and Cloud Services Application products. These flaws could enable remote code execution, unauthorized data access and system compromise. The most severe issues include stack-based buffer overflows and OS command injection vulnerabilities. Ivanti strongly advises customers to update to the latest versions, as patches are now available. Immediate action is necessary to mitigate potential risks.

Technical Description

Ivanti has released patches for four critical vulnerabilities affecting multiple products, including Connect Secure (ICS), Policy Secure (IPS) and Cloud Services Applications (CSA). Tracked as CVE-2024-38657, CVE-2025-22467, CVE-2024-10644, and CVE-2024-47908. While Ivanti has found no evidence of active exploitation, its products are widely used by enterprises and small to medium-sized businesses (SMBs), making them attractive targets for cyberattacks. Customers are urged to apply the patches immediately to mitigate potential risks.

Ivanti Policy Secure – Arbitrary File Write (CVE-2024-38657, CVSS 9.1):
A vulnerability in Ivanti Connect Secure (prior to version 22.7R2.4) and Ivanti Policy Secure (prior to version 22.7R1.3) allows a remote authenticated attacker with administrative privileges to manipulate file names, enabling arbitrary file writing.

Ivanti Connect Secure – Critical Stack-based Buffer Overflow (CVE-2025-22467, CVSS 9.9):
One of the most critical vulnerabilities found in Ivanti Connect Secure is a stack-based buffer overflow, tracked as CVE-2025-22467. This flaw allows an authenticated remote attacker to execute arbitrary code on a vulnerable system by manipulating input data to overwrite the stack’s return address. Exploiting this vulnerability could grant the attacker full control over the affected system.

Code Injection Vulnerabilities (CVE-2024-10644, CVSS 9.1):
CVE-2024-10644 is a code injection vulnerability affecting Ivanti products, including Ivanti Connect Secure (before version 22.7R2.4) and Ivanti Policy Secure (before version 22.7R1.3). This flaw arises from improper handling of untrusted user input, allowing a remote authenticated attacker with administrative privileges to inject and execute malicious code. Exploiting this vulnerability could enable attackers to execute arbitrary commands, gain unauthorized access and potentially achieve full system compromise.

Ivanti CSA – OS Command Injection (CVE-2024-47908, CVSS 9.1):
Ivanti Cloud Services Appliance (CSA) is also impacted by critical vulnerabilities, including CVE-2024-47908, an OS command injection flaw in the admin web console. Present in Ivanti CSA before version 5.0.5, this vulnerability allows a remote authenticated attacker with administrative privileges to execute arbitrary system commands, potentially leading to remote code execution.

Conclusion

The critical remote code execution (RCE) and OS command injection vulnerabilities in Ivanti products pose serious risks to organizations using affected versions. Exploiting these flaws could allow attackers to take control of systems, execute arbitrary code, access sensitive data and compromise system integrity. To mitigate these threats, organizations must immediately apply patches and update to the latest versions to secure their systems against potential exploitation.

Impact

These vulnerabilities could allow attackers to execute arbitrary code, write files, or access sensitive data, depending on the flaw and attacker privileges. In the worst case, attackers could gain full control of affected systems, leading to data breaches and infrastructure compromise. The flaws impact the system’s confidentiality, integrity and availability. Although there is no proof of concept or evidence of active exploitation.

IOC and Context Details

Table
Topics Details
Tactic Name NA
Technique Name NA
Sub Technique Name NA
Attack Type Vulnerability
Targeted Applications Generic, Ivanti
Region Impacted Global
Industry Impacted All
IOC’s NA
CVE CVE-2024-38657, CVE-2025-22467, CVE-2024-10644 & CVE-2024-47908

Recommended Actions

  1. Update to the latest versions: Ivanti Connect Secure 22.7R2.6, Ivanti Policy Secure 22.7R1.3, Ivanti Secure Access Client 22.8R1 and CSA 5.0.5.
  2. If immediate patching is not possible, implement network segmentation to limit access to the affected systems.
  3. Monitor for any suspicious activities or unauthorized access attempts.
  4. Implement the principle of least privilege for user accounts accessing the system.
  5. Conduct a security audit to ensure no other vulnerabilities remain unaddressed.

References

https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US

View all Advisories
Post Views: 12