PoC for CVE-2025-22457
Created on 2025-04-11 07:47, updated on 2025-04-11 07:47, by Alexandre Dulaunoy
A remote unauthenticated stack-based buffer overflow affecting Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways
Overview
This is a proof of concept exploit to demonstrate exploitation of CVE-2025-22457. For a complete technical analysis of the vulnerability and exploitation strategy, please see our Rapid7 Analysis here:
https://attackerkb.com/topics/0ybGQIkHzR/cve-2025-22457/rapid7-analysis
Available at https://github.com/sfewer-r7/CVE-2025-22457
Meta
[
{
"tags": [
"vulnerability:exploitability=industrialised",
"vulnerability:information=PoC"
]
}
]