Bug Bounties, Vulnerability Management

Ivanti Issues Updates to Fix Critical Vulnerabilities


Ivanti issued updates to address four critical flaws impacting its Connect Secure, Policy Secure, and Cloud Services Application offerings, reports SC Media.

The most significant of the patched vulnerabilities is a stack-based buffer overflow issue in Ivanti Connect Secure, tracked as CVE-2025-22467, which could be leveraged to facilitate remote code execution attacks without admin privileges.

Other remediated critical flaws include an arbitrary file write bug in Connect Secure and Policy Secure, tracked as CVE-2024-38657; a code injection issue in Connect Secure and Policy Secure, tracked as CVE-2024-10644; and an operating system command injection flaw in CSA, tracked as CVE-2024-47908.

Additional fixes have also been introduced for seven other high- and medium-severity bugs impacting the aforementioned Ivanti products, as well as its Secure Access Client and Neurons for MDM deployments. The updates come as half of the two dozen Ivanti security issues in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog were added within the past year.
