Vulnerability Database

318,003

Total vulnerabilities in the database

CVE-2025-5456

A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125

  • Published: Aug 12, 2025
  • Updated: Nov 16, 2025
  • CVE: CVE-2025-5456
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
ivanti / connect_secure - 22.7
ivanti / connect_secure 22.7 22.7.x
ivanti / connect_secure 22.7-r1 22.7-r1.x
ivanti / connect_secure 22.7-r1.1 22.7-r1.1.x
ivanti / connect_secure 22.7-r1.2 22.7-r1.2.x
ivanti / connect_secure 22.7-r1.3 22.7-r1.3.x
ivanti / connect_secure 22.7-r1.4 22.7-r1.4.x
ivanti / connect_secure 22.7-r1.5 22.7-r1.5.x
ivanti / connect_secure 22.7-r2 22.7-r2.x
ivanti / connect_secure 22.7-r2.1 22.7-r2.1.x
ivanti / connect_secure 22.7-r2.2 22.7-r2.2.x
ivanti / connect_secure 22.7-r2.3 22.7-r2.3.x
ivanti / connect_secure 22.7-r2.4 22.7-r2.4.x
ivanti / connect_secure 22.7-r2.5 22.7-r2.5.x
ivanti / connect_secure 22.7-r2.6 22.7-r2.6.x
ivanti / connect_secure 22.7-r2.7 22.7-r2.7.x
ivanti / policy_secure - 22.7
ivanti / policy_secure 22.7 22.7.x
ivanti / policy_secure 22.7-r1 22.7-r1.x
ivanti / policy_secure 22.7-r1.1 22.7-r1.1.x
ivanti / policy_secure 22.7-r1.2 22.7-r1.2.x
ivanti / policy_secure 22.7-r1.3 22.7-r1.3.x
ivanti / policy_secure 22.7-r1.4 22.7-r1.4.x
ivanti / zero_trust_access_gateway 22.8-r2.2 22.8-r2.2.x
ivanti / neurons_for_secure_access - 22.8
ivanti / neurons_for_secure_access 22.8-r1 22.8-r1.x
ivanti / neurons_for_secure_access 22.8-r1.1 22.8-r1.1.x
ivanti / neurons_for_secure_access 22.8-r1.2 22.8-r1.2.x
ivanti / neurons_for_secure_access 22.8-r1.3 22.8-r1.3.x