CVE-2025-22457
Published Apr 3, 2025
Last updated 12 days ago
AI description
CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. It allows a remote, unauthenticated attacker to execute arbitrary code on the target device. The vulnerability is triggered by network access to the impacted appliances. Exploitation of CVE-2025-22457 has been observed in the wild, with attackers using a shell script dropper to inject the BRUSHFIRE passive backdoor into a running web process.
- Description
- A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
- Source
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status
- Analyzed
- Products
- connect_secure, policy_secure, zero_trust_access_gateway
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
- Exploit added on
- Apr 4, 2025
- Exploit action due
- Apr 11, 2025
- Required action
- Apply mitigations as set forth in the CISA instructions linked below.
- Hype score
- Not currently trending
VPN機器等に対するネットワーク貫通型攻撃で悪用されるおそれのある機器の脆弱性の例として、以下の製品に関連する脆弱性が挙げられます: NetScaler ADCおよびNetSacler Gateway(CVE-2025-7775等) Ivanti Connect Secureお
@aktsmm
1 Nov 2025
359 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
🚨CVE-2025-22457: Python Exploit POC Scanner to Detect Ivanti Connect Secure RCE GitHub: https://t.co/4T1EkyYTrV Redline Blog: https://t.co/Yk9nAZOKVC CVSS: 9.0 KEV: Yes https://t.co/TJ7SnqdG4d
@DarkWebInformer
21 Oct 2025
5191 Impressions
11 Retweets
40 Likes
20 Bookmarks
0 Replies
0 Quotes
🚨 New Templates Bounty Issue 💰 CVE-2025-22457 - Ivanti - Buffer Overflow 💰 👾 Issue: https://t.co/22xcrH8bkR #bugbounty #NucleiTemplates #cve #opensource
@pdnuclei
24 Aug 2025
1478 Impressions
0 Retweets
20 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-22457: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
@ZeroDayFacts
22 Jul 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
محققان امنیت سایبری جزئیات بدافزار جدیدی به نام MDifyLoader را فاش کردهاند که در حملات سایبری علیه دستگاههای Ivanti Connect Secure (ICS) مشاهده شده است. بر اساس گزارش JPC
@Teeegra
21 Jul 2025
444 Impressions
0 Retweets
10 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyber attackers exploit CVE-2025-0282 and CVE-2025-22457 to deploy MDifyLoader on Ivanti Connect Secure appliances, enabling in-memory Cobalt Strike payloads via DLL side-loading and open-source tools, leading to stealthy breaches. #EternalBlue #UK https://t.co/QNsllF95ky
@TweetThreatNews
18 Jul 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Malware loaders like MDifyLoader exploit Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457, using DLL side-loading and RC4 decryption to run Cobalt Strike Beacons, enabling lateral movement and persistence. #CVE20250282 #Indonesia https://t.co/7wP76r68Cj
@TweetThreatNews
18 Jul 2025
102 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Despite patches being available for months, Japanese authorities report ongoing exploitation of Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457. Attackers deploy malware like DslogdRAT and SPAWNCHIMERA using advanced tactics. #Japa… https://t.co/q0kXMe6gX
@TweetThreatNews
18 Jul 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JPCERT/CC's 増渕 維摩 (Yuma Masubuchi) looks into malware identified in attacks exploiting Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457 from December 2024 to the present. https://t.co/0gL5VBHyzk https://t.co/iWWlVR9X2j
@virusbtn
18 Jul 2025
1703 Impressions
12 Retweets
37 Likes
10 Bookmarks
0 Replies
1 Quote
ブログ JPCERT/CC Eyes「Ivanti Connect Secureの脆弱性を起点とした侵害で確認されたマルウェア」を公開。2024年12月から2025年7月現在まで、CVE-2025-0282やCVE-2025-22457を悪用する攻撃者が使用したマルウェア、ツール、攻
@jpcert
18 Jul 2025
7323 Impressions
26 Retweets
61 Likes
16 Bookmarks
1 Reply
1 Quote
We’ve published our annual lookback research paper on cyber espionage targeting Japan in FY2024 (Apr 2024 ~ Mar 2025). This report also covered the trend of Ivanti CVE-2025-22457, Fortigate CVE-2024-55591 as the specific case studies. https://t.co/MpztFHuMre
@8th_grey_owl
15 Jul 2025
4639 Impressions
18 Retweets
51 Likes
21 Bookmarks
2 Replies
0 Quotes
Ivanti VPN hack (CVE-2025-22457) exposed networks to Chinese hackers in Apr 2025! #Hoprnet VPN’s decentralized mix net & strong encryption could’ve stopped this by hiding metadata & avoiding single-point failures. Stay secure! #Cybersecurity #gnosisvpn https://t.co/3
@Sawaya2000
11 Jul 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Cybercriminals #Vulnerability Ivanti Zero-Day CVE-2025-22457 Exploit Details Released https://t.co/PC2jPWWH96
@Komodosec
21 Jun 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Vulnerability #BRUSHFIRE CVE-2025-22457: UNC5221 Exploits Ivanti Zero-Day Flaw to Deploy TRAILBLAZE and BRUSHFIRE Malware https://t.co/ReoHs1uq8B
@Komodosec
9 Jun 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-nexus actor UNC5221 is exploiting Ivanti EPMM (CVE-2025-22457) to deploy malware & steal data globally. Details: https://t.co/mU3HDSGInQ #OffSeq #CyberS... https://t.co/nPKcfp7qVo
@offseq
22 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
15 May 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Ctaes Security News 2 new CVE's added to Hackervillage :THREAT INTELLIGENCE REPORT APRIL 1 - APRIL 7 2025 New Threat Detection Added2 - Kentico Xperience CMS Authentication Bypass (CVE-2025-2747) , Ivanti Connect Secure Buffer Overflow (CVE-2025-22457)
@Ctaesandriod2
13 May 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2025. 4.30 Ivanti Connect Secureなどにおける脆弱性(CVE-2025-22457)に関する注意喚起 最終更新: 2025-04-30 - 一般社団法人 JPCERT コーディネーションセンター(JPCERT/CC) https://t.co/aLcyRUtgKy
@kawn2020
9 May 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Cybercriminelen maken misbruik van verouderde Ivanti Connect Secure systemen met kwetsbaarheden zoals #RCE en #CVE-2025-22457. Organisaties moeten snel actie ondernemen om risico's te vermijden. Lees meer: https://t.co/03muYO7Fya
@CCINLCybercrime
30 Apr 2025
83 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
【更新】Ivanti Connect Secureなどにおける脆弱性(CVE-2025-22457)に関する注意喚起を更新。Ivantiが提供する整合性チェックツール(ICT)の改ざん事例や、その他攻撃の可能性がある事象などを追記。事例を踏まえ
@jpcert
30 Apr 2025
4349 Impressions
13 Retweets
16 Likes
7 Bookmarks
1 Reply
0 Quotes
🚨 Heads up! CVE-2025-22457 is here, and it’s making Ivanti's systems feel a bit... vulnerable. Time to patch up before the hackers throw a party! 🎉 #CyberSecurity #Ivanti #CVE2025 https://t.co/DcPNjNyewV
@windowsforum
27 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Ivanti VPNの脆弱性 CVE-2025-22457 ☑️リモートコード実行(#RCE)発生可能 ☑️Connect Secure 22.7R2.5以下のバージョンなど一部のIvanti製品の脆弱性 ☑️https://t.co/IVizkfqat2 クエリ:title: "IvantiConnect Secure" ☑️ パッチ適用および攻撃対象領域管理(#ASM)で措置可能 🔎詳細: https://t.co/RKWWlW4fGa
@CriminalIP_JP
25 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ثغرة #CVE-2025-22457 في Ivanti VPN ☑️تنفيذ التعليمات عن بُعد (RCE) ☑️بعض منتجات Ivanti، بما في ذلك Connect Secure 22.7R2.5 وما قبل معرضة للخطر ☑️https://t.co/gKKiwWs7Q2: title: "IvantiConnect Secure" ☑️ت
@CriminalIP_AR
25 Apr 2025
62 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Ivanti VPN 취약점 #CVE-2025-22457 ☑️원격 코드 실행(RCE) 발생 가능 ☑️Connect Secure 22.7R2.5 이하 버전 등 일부 이반티제품 취약 ☑️https://t.co/ZdemHmQb5V 쿼리: title: "IvantiConnect Secure" ☑️패치 적용 및 공격 표면 관리(#ASM)로 조치 가능 🔎자세히 보기: https://t.co/PG5QrY18ft https://t.co/sT64TnwjAp
@CriminalIP_KR
25 Apr 2025
81 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
24 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
22 Apr 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
21 Apr 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
20 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#threatreport #MediumCompleteness UNC5221s Latest Exploit: Weaponizing CVE-2025-22457 in Ivanti Connect Secure | 17-04-2025 Source: https://t.co/963750119Z Key details below ↓ 🧑💻Actors/Campaigns: Unc5221 (🧠motivation: information_theft, cyber_espionage) Dragonfish 💀Threats
@rst_cloud
18 Apr 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Vulnerability CVE-2025-22457 Exposes 5,000 Ivanti VPN Appliances ⚠️ https://t.co/XWYBdSNxuA Over 5,000 #Ivanti Connect Secure #VPN appliances remain vulnerable to CVE-2025-22457, a critical buffer overflow flaw exploited by Chinese hackers for remote code execution.
@Huntio
17 Apr 2025
195 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
UNC5221 exploits CVE-2025-22457 in Ivanti Connect Secure, targeting global networks with custom malware. A critical threat to U.S. organizations and beyond. ⚠️💻 #CyberEspionage #Vulnerability #China link: https://t.co/TFJ0siCzQI https://t.co/9QQdsENn4F
@TweetThreatNews
17 Apr 2025
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
17 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
16 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
UNC5221の話めちゃくちゃ出てくる。IvantiのCVE-2025-22457の被害がかなり広範囲に出てて、IR対応とフォレンジックでどんどん掘れてるのかな。 Chinese Hackers Unleash New BRICKSTORM Malware to Target Windows and Linux Systems https://t.co/Bk8x3nEIjW @GBHackers
@Osint_Rh
16 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#786 悪用する攻撃を国内でも確認 ~ Ivanti Connect Secure などに脆弱性(CVE-2025-22457) - セキュリティジョッキー松野 https://t.co/oMd4VGT6IQ #Voicy #叱らなきゃいけない時
@security_radio
16 Apr 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
16 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Time for a CyberByte! A China-nexus APT group exploited critical stack buffer overflow vulnerabilities (CVE-2025-0282 and CVE-2025-22457) in Ivanti Connect Secure VPN appliances. The victims span nearly twenty different industries across twelve countries; the vulnerabilities htt
@ITISAC
15 Apr 2025
134 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
15 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
中国との関連が疑われる脅威アクターが Ivanti Connect Secure の重大な脆弱性(CVE-2025-22457)を積極的に悪用している可能性が判明 #GoogleCloud https://t.co/qrjduvMpaG
@kaz_goto
15 Apr 2025
128 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
15 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
中国のAPTグループがIvanti VPNの重大な脆弱性(CVE-2025-0282/CVE-2025-22457)を悪用し、世界12カ国・約20業種にサイバースパイ攻撃を展開。高度なマルウェア「SPAWNCHIMERA」を使用し、検出回避技術で長期潜伏。 https://t.co/SbLVUyGMOV
@01ra66it
14 Apr 2025
816 Impressions
2 Retweets
17 Likes
4 Bookmarks
0 Replies
0 Quotes
中国と関係するAPTグループが、Ivanti Connect Secure VPNの重大な脆弱性(CVE-2025-0282およびCVE-2025-22457)を悪用し、12か国・20業種の組織に侵入したとTeamT5が報告した。
@yousukezan
14 Apr 2025
2063 Impressions
3 Retweets
14 Likes
0 Bookmarks
0 Replies
0 Quotes
Suspected China-Nexus Threat Actor Actively Exploiting Critical #Ivanti Connect Secure #Vulnerability (CVE-2025-22457) https://t.co/qyD97tEu57
@club31337
14 Apr 2025
239 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
中国系APT集団がIvanti Connect Secure VPNを悪用して複数組織に侵入している。TeamT5社報告。CVE-2025-0282及びCVE-2025-22457を悪用した可能性。中国のアクター間で共有されるIvanti機器専用マルウェアSPAWNCHIMERAを使用。 https://t.co/rUHoNRf7fb
@__kokumoto
14 Apr 2025
3636 Impressions
9 Retweets
29 Likes
16 Bookmarks
1 Reply
1 Quote
Actively exploited CVE : CVE-2025-22457
@transilienceai
14 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
13 Apr 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-22457
@transilienceai
12 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices. https://t.co/emrDD25GL9 https://t.co/PBPzcWoRBO
@persistsec
12 Apr 2025
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Rapid7、静かなパッチの混乱の後、Ivanti VPNアプライアンスにおけるRCEの経路を明らかにする(CVE-2025-22457) https://t.co/25rdTBkKC6 #security #セキュリティ #ニュース
@SecureShield_
12 Apr 2025
273 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed Full Story: https://t.co/lLmk1VuAeu A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated remote code execution (RCE) vulnerability impacting several Ivanti products. A ht
@The_Cyber_News
11 Apr 2025
343 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:*:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0EC2FCD-5402-4269-B86A-18F8DFB8F2C9",
"versionEndExcluding": "22.7"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3447428E-DBCD-4553-B51D-AC08ECAFD881"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A08BAF98-7F05-4596-8BFC-91F1A79D3BD1"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40717D97-A062-49C4-B105-C22AAC3A206A"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:*:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48EFA63B-1322-45B0-B86D-87F24A2B4E8A",
"versionEndExcluding": "22.7"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D24A8DB-D697-4C60-935D-B08EE36861CB"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C12D325-77E1-4873-8A77-D76F4A73BCF8"
},
{
"criteria": "cpe:2.3:a:ivanti:zero_trust_access_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2E32E9D-45B1-4007-A385-799230ABDF09",
"versionEndExcluding": "22.8"
},
{
"criteria": "cpe:2.3:a:ivanti:zero_trust_access_gateway:22.8:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6B98C14-B9B8-4E0F-9494-099FCC6DF6B6"
},
{
"criteria": "cpe:2.3:a:ivanti:zero_trust_access_gateway:22.8:r2.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CAA280F-D6C6-441D-973D-0DA2DE1AB320"
}
],
"operator": "OR"
}
]
}
]