Ivanti Discovers Critical Vulnerabilities in VPN and Cloud Services

Ivanti has issued a warning regarding several critical security vulnerabilities identified in its VPN software, including Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC), as well as in Ivanti Cloud Services Application (CSA). These vulnerabilities could potentially allow attackers to inject malicious code.

According to Ivanti's security advisory, the most severe of these vulnerabilities is a stack-based buffer overflow that enables authenticated users to execute arbitrary code remotely (CVE-2025-22467, CVSS score 9.9, rated as 'critical'). Although details on how malicious actors may exploit this vulnerability have not been disclosed, the implications are significant.

Additionally, authenticated users with administrative privileges can manipulate externally controlled file names to write arbitrary files (CVE-2024-38657, CVSS score 9.1, critical). There are also reports of another critical vulnerability allowing attackers to inject code through unspecified methods (CVE-2024-10644, CVSS score 9.1, critical).

Other vulnerabilities detailed in the advisory include CVE-2024-13813 (CVSS score 7.1, high), CVE-2024-12058 (CVSS score 6.8, medium), and multiple others rated from medium to high risk. These vulnerabilities affect versions of Ivanti Connect Secure (ICS) prior to 22.7R2.6, Ivanti Policy Secure (IPS) before 22.7R1.3, and Ivanti Secure Access Client (ISAC) before 22.8R1.

Furthermore, Ivanti has identified a critical security flaw in the Cloud Services Application (CSA). Authenticated attackers with administrative access can execute operating system commands, enabling them to inject and run arbitrary malicious code (CVE-2024-47908, CVSS score 9.1, critical). Another vulnerability allows attackers to exploit a path traversal issue to gain access to restricted functions without prior authentication (CVE-2024-11771, CVSS score 5.3, medium). These vulnerabilities can be addressed with updates available for Ivanti CSA version 5.0.5.

While Ivanti has reported no known exploitations of these vulnerabilities in the wild, they urge IT administrators to prioritize the installation of the latest updates due to the severe nature of these threats.

Security vulnerabilities in Ivanti products have previously attracted attention from cybercriminals. For instance, in early January, attackers exploited a code injection vulnerability in Ivanti Connect Secure to compromise networks.