GCVE - cpe:2.3:a:ivanti:connect_secure:*:-:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:connect_secure:*:-:*:*:*:*:*:*

part: a version: * update: -

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Connect Secure (`61f5b622-21c4-5d14-b120-bd5f32132cfb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-5451`	vulnerable	2026-06-03 15:07:53.335489	Details available MEDIUM (4.9) A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service. Published: 2025-07-08T15:02:00.522Z Updated: 2025-07-08T20:43:37.606Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-22457`	vulnerable	2026-06-03 14:59:39.985444	Details available CRITICAL (9) A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. Published: 2025-04-03T15:20:23.628Z Updated: 2026-02-26T18:28:57.480Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37401`	vulnerable	2026-06-03 14:56:06.492973	Details available HIGH (7.5) An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. Published: 2024-12-11T18:52:27.527Z Updated: 2024-12-12T14:39:24.747Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12058`	vulnerable	2026-06-03 14:54:15.500831	Details available MEDIUM (6.8) External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files. Published: 2025-02-11T15:21:18.279Z Updated: 2025-02-11T15:35:20.850Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.