Ivanti Connect Secure CVE-2025-5456 Buffer Over-Read: Brief Summary and Technical Review

A brief summary of CVE-2025-5456, a buffer over-read vulnerability (CWE-125) in Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. This post outlines affected versions, technical details, and vendor history based on available advisories and research.

ZeroPath CVE Analysis

2025-08-12

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

Introduction

Remote attackers can crash critical Ivanti security appliances without authentication, disrupting VPN and access control for thousands of users. CVE-2025-5456 affects a wide range of Ivanti's core products, with a patch released only after cloud deployments were proactively fixed.

Ivanti is a major enterprise security vendor with a global footprint, providing solutions like Connect Secure (formerly Pulse Secure), Policy Secure, ZTA Gateway, and Neurons for Secure Access. These products are widely used for secure remote access and network policy enforcement in large organizations.

Technical Information

CVE-2025-5456 is a buffer over-read vulnerability (CWE-125) in multiple Ivanti security products. The flaw arises when the software reads beyond the end of an allocated buffer, typically due to missing or incorrect bounds checking during the processing of network data. This can be exploited remotely by unauthenticated attackers, resulting in a denial of service condition (system crash or instability).

The vulnerability is present in shared code components across Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. The root cause is improper validation of buffer boundaries during network packet or protocol parsing routines. The affected code is likely implemented in C or C++, which are prone to such memory safety issues if strict bounds checking is not enforced. No public code snippets or proof of concept have been released.

Affected Systems and Versions

  • Ivanti Connect Secure: all versions before 22.7R2.8 or 22.8R2
  • Ivanti Policy Secure: all versions before 22.7R1.5
  • Ivanti ZTA Gateway: all versions before 2.8R2.3-723
  • Ivanti Neurons for Secure Access: all versions before 22.8R1.4

Cloud deployments of Neurons for Secure Access were patched as of August 2, 2025. On-premises deployments require manual upgrades to the specified fixed versions.
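
For on-premises fleets, the fixed-version list above can be turned into an inventory check. The following is an added example, not code from Ivanti or from the original post; it assumes version strings follow the `major.minorRx[.y][-build]` pattern seen in that list and that each listed fix applies to its own `major.minor` release train. The function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed versions exactly as listed in this post, per product.
FIXED = {
    "Connect Secure": ["22.7R2.8", "22.8R2"],
    "Policy Secure": ["22.7R1.5"],
    "ZTA Gateway": ["2.8R2.3-723"],
    "Neurons for Secure Access": ["22.8R1.4"],
}
# Assumed format: major.minor "R" release [.patch] [-build]
_VER = re.compile(r"(\d+)\.(\d+)R(\d+)(?:\.(\d+))?(?:-(\d+))?", re.IGNORECASE)

def parse(version):
    """'22.7R2.8' -> (22, 7, 2, 8, 0); a missing patch or build compares as 0."""
    m = _VER.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def status(product, version):
    """Return 'fixed', 'vulnerable' or 'review' for one appliance."""
    v = parse(version)
    fixes = sorted(parse(f) for f in FIXED[product])
    # Assumption: each listed fix applies to its own major.minor train.
    for fix in fixes:
        if v[:2] == fix[:2]:
            return "fixed" if v >= fix else "vulnerable"
    # A train older than every listed fix falls under "all versions before".
    if v < fixes[0]:
        return "vulnerable"
    # Newer or unlisted train: the post gives no data, check the advisory.
    return "review"

def audit(inventory):
    """Map (host, product, version) rows to {host: status}."""
    return {host: status(product, ver) for host, product, ver in inventory}

# Constructed sample inventory; hostnames and versions are illustrative.
SAMPLE = [
    ("vpn-a", "Connect Secure", "22.7R2.7"),
    ("vpn-b", "Connect Secure", "22.8R2"),
    ("nac-a", "Policy Secure", "22.7R1.5"),
    ("zta-a", "ZTA Gateway", "2.8R2.3-722"),
    ("nsa-a", "Neurons for Secure Access", "22.9R1"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

A `review` result means the version sits in a release train this post does not list, so it should be checked against the vendor advisory instead of being assumed safe.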

Vendor Security History

Ivanti has faced a series of critical vulnerabilities in 2025. Notably, CVE-2025-22457 (buffer overflow in Connect Secure) was actively exploited by China-nexus threat actors. CVE-2025-4427 and CVE-2025-4428 (authentication bypass and RCE in Endpoint Manager Mobile) were also exploited in the wild, affecting critical sectors like healthcare and finance. The vendor has improved patch response times and transparency but continues to face challenges with recurring memory safety and access control flaws across its product lines.
