Ivanti Products Connect Secure and Policy Secure Hit by Denial-of-Service Vulnerabilities

Ivanti has released critical security updates for its Connect Secure and Policy Secure products, addressing six medium-severity vulnerabilities that could potentially lead to denial-of-service attacks and unauthorized access.

The cybersecurity firm announced today that while no customers have been exploited by these vulnerabilities at the time of disclosure, immediate patching is recommended to prevent potential security breaches.

Vulnerability Overview and Impact

Ivanti issued a comprehensive security advisory on July 8, 2025, detailing multiple vulnerabilities affecting both Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.

The vulnerabilities range from improper access control to stack-based buffer overflows, with CVSS scores ranging from 4.9 to 6.6, all classified as medium severity.

The most concerning vulnerability, CVE-2025-5451, represents a stack-based buffer overflow that allows remote authenticated attackers with administrative privileges to trigger denial-of-service conditions.

This vulnerability specifically affects the core functionality of both products and could potentially disrupt network security ...