
Ivanti Sentry critical flaw enables root-level code execution

Summary

– Ivanti patched two critical vulnerabilities in its Sentry secure mobile gateway solution.
– One of the flaws is a maximum-severity vulnerability allowing remote attackers to execute code with root privileges.

Ivanti has released security updates to address two critical vulnerabilities in its Sentry secure mobile gateway product, one of which carries the highest possible severity rating. This particular flaw allows remote attackers to execute arbitrary code with root-level system privileges, posing a significant risk to enterprise networks that rely on the gateway for secure mobile access.

The most severe vulnerability, tracked as CVE-2025-22467, is a buffer overflow issue in the product’s authentication component. An unauthenticated attacker can exploit this weakness remotely without any user interaction, gaining full control over the affected system. Given the critical nature of the flaw, Ivanti has assigned it a CVSS score of 10.0, the maximum possible under the Common Vulnerability Scoring System.

The second vulnerability, identified as CVE-2025-22468, is also critical but slightly less severe. It involves an improper input validation issue that could allow an attacker to execute arbitrary code, though it requires some level of authentication or specific conditions to exploit. Together, these vulnerabilities underscore the importance of prompt patch management for organizations using Ivanti Sentry.

Ivanti has urged all customers to apply the updates immediately to their Sentry deployments. The company also recommends reviewing access controls and network segmentation as additional layers of defense. Security researchers have noted that proof-of-concept exploits for CVE-2025-22467 are already circulating in the wild, increasing the urgency for patching.

Organizations that cannot apply the patch immediately should consider disabling the vulnerable component or implementing strict firewall rules to limit exposure. Ivanti has provided detailed guidance in its security advisory, which includes SHA-256 checksums to verify the integrity of the updated software packages. With attackers actively targeting enterprise gateways, this is a zero-day scenario that demands immediate action.

(Source: BleepingComputer)
