Introduction
Remote attackers can crash enterprise VPN and zero trust gateways used by thousands of organizations worldwide, disrupting access to critical business resources. CVE-2025-5462 is a heap-based buffer overflow in Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access, disclosed alongside several other vulnerabilities in August 2025.
About Ivanti: Ivanti is a leading provider of enterprise IT and security solutions, with a global customer base spanning government, finance, healthcare, and critical infrastructure. Its Connect Secure and Policy Secure products are widely deployed for remote access and zero trust network architectures. The company has faced a series of high-profile vulnerabilities in 2025, making its patch management and security posture a focal point for defenders.
Technical Information
CVE-2025-5462 is a heap-based buffer overflow vulnerability (CWE-122) impacting multiple Ivanti products. The flaw is present in shared code across:
- Connect Secure (prior to 22.7R2.8 or 22.8R2)
- Policy Secure (prior to 22.7R1.5)
- ZTA Gateway (prior to 22.8R2.3-723)
- Neurons for Secure Access (prior to 22.8R1.4)
The vulnerability allows remote unauthenticated attackers to send specially crafted input to network-accessible interfaces. Due to improper validation, this input can overflow heap-allocated memory buffers, leading to memory corruption. The most likely outcome is a denial of service, causing the application to crash or terminate unexpectedly. The attack does not require authentication or prior access, increasing the risk profile for exposed Ivanti appliances.
No public code snippets or proof of concept details are available. The root cause is insufficient bounds checking before copying user-supplied data into heap-allocated buffers, a classic memory safety issue in C or C++ codebases. This flaw can disrupt normal program execution and potentially expose the system to further exploitation if chained with other vulnerabilities.
Patch Information
Ivanti has released security updates to address multiple vulnerabilities in their Connect Secure, Policy Secure, and Neurons for Zero Trust Access (ZTA) gateways. These vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283, could potentially allow unauthorized access and remote code execution on affected systems.
Patch Availability:
- Ivanti Connect Secure: Version 22.7R2.5 and later
- Ivanti Policy Secure: Version 22.7R1.2 and later
- Ivanti Neurons for ZTA Gateways: Version 22.7R2.3 and later
Recommended Actions:
- Update to the Latest Version: Users should promptly upgrade their systems to the versions specified above to mitigate the identified vulnerabilities.
- Run the Integrity Checker Tool (ICT): Before and after applying the updates, it's advisable to run Ivanti's external ICT to detect any signs of compromise. Note that running the ICT will require a restart of the gateway appliances.
- Monitor Systems Post-Update: After updating, continue to monitor your systems for any unusual activity to ensure the effectiveness of the applied patches.
By following these steps, organizations can enhance the security of their Ivanti appliances and protect against potential exploits targeting these vulnerabilities.
Affected Systems and Versions
- Ivanti Connect Secure: All versions before 22.7R2.8 or 22.8R2
- Ivanti Policy Secure: All versions before 22.7R1.5
- Ivanti ZTA Gateway: All versions before 22.8R2.3-723
- Ivanti Neurons for Secure Access: All versions before 22.8R1.4
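To triage an appliance inventory against the fixed releases in the list above, the following added example (not Ivanti tooling and not code from the original page) compares installed versions per release branch. The version grammar is an assumption inferred from the strings on this page, the treatment of branches with no listed fix is an assumption, and the sample hostnames and installed versions are constructed.

```python
import re

# Fixed releases as listed under "Affected Systems and Versions" on this page.
FIXED = {
    "Connect Secure": ["22.7R2.8", "22.8R2"],
    "Policy Secure": ["22.7R1.5"],
    "ZTA Gateway": ["22.8R2.3-723"],
    "Neurons for Secure Access": ["22.8R1.4"],
}

# Assumed grammar, inferred from those strings: MAJOR.MINOR "R" REL [.PATCH] [-BUILD]
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?(?:-(\d+))?$")

def parse_version(text):
    """Return (major, minor, rel, patch, build); absent parts count as 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def is_affected(product, version):
    """True if the installed version predates the fix for its release branch."""
    installed = parse_version(version)
    fixed = [parse_version(v) for v in FIXED[product]]
    for fix in fixed:
        if fix[:2] == installed[:2]:  # same MAJOR.MINOR branch
            return installed < fix
    # Assumption: on a branch with no listed fix, only a version newer than
    # every listed fixed release is treated as patched.
    return installed < max(fixed)

def triage(inventory):
    """Map host -> True (affected), False (fixed) or None (manual review)."""
    status = {}
    for host, product, version in inventory:
        try:
            status[host] = is_affected(product, version)
        except (KeyError, ValueError):  # unknown product or odd version string
            status[host] = None
    return status

# Constructed sample inventory; hostnames and installed versions are made up.
SAMPLE = [("vpn-a", "Connect Secure", "22.7R2.7"), ("vpn-b", "Connect Secure", "22.8R2"),
          ("zta-a", "ZTA Gateway", "22.8R2.3-722"), ("nac-a", "Policy Secure", "9.1R18")]

if __name__ == "__main__":
    for host, affected in triage(SAMPLE).items():
        print(host, {True: "AFFECTED", False: "fixed", None: "review"}[affected])
```

A version string reported without its build suffix (for example a ZTA Gateway shown as 22.8R2.3) is treated as build 0 and therefore flagged, which errs toward manual confirmation.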
Vendor Security History
Ivanti has experienced several critical vulnerabilities in 2025, including:
- CVE-2025-22457: Buffer overflow, actively exploited by advanced threat actors
- CVE-2025-0282: Unauthenticated remote code execution, exploited as a zero day
- Multiple buffer overflows, XML external entity flaws, and privilege escalation issues across Connect Secure, Policy Secure, and ZTA Gateway
Ivanti maintains a monthly security update cycle and has published advisories and rapid patches in response to recent vulnerabilities. However, the frequency and impact of these issues highlight ongoing security challenges in their product ecosystem.