CVE-2025-5462
HIGHDescription
A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service.
Is your site exposed to CVE-2025-5462?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | zero_trust_access_gateway |
| ivanti | neurons_for_secure_access |
| ivanti | neurons_for_secure_access |
| ivanti | neurons_for_secure_access |
| ivanti | neurons_for_secure_access |
| ivanti | neurons_for_secure_access |
References
Frequently Asked Questions
What is CVE-2025-5462? +
How severe is CVE-2025-5462? +
What products are affected by CVE-2025-5462? +
How do I check if I'm vulnerable to CVE-2025-5462? +
Related Vulnerabilities
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This …
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for …
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. …
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from …
Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to …