A Vulnerability has been discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways which could allow for remote code execution.
Ivanti Connect Secure (formerly Pulse Connect Secure) is a widely deployed SSL VPN solution that provides secure and controlled access to corporate data and applications for remote and mobile users, offering features like single sign-on, multi-factor authentication, and integration with various security frameworks.Ivanti Policy Secure (IPS) is a Network Access Control (NAC) solution that provides network access only to authorized and secured users and devices, offering comprehensive NAC management, visibility, and monitoring to protect networks and sensitive data.Ivanti Neurons for Zero Trust Access (ZTA) Gateway is a component of Ivanti’s zero-trust network access solution
Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
Harri K. Koskinen discovered that XZ Utils incorrectly handled the threaded
xz decoder. If a user or automated system were tricked into processing an
xz file, a remote attacker could use this issue to cause XZ Utils to crash,
resulting in a denial of service, or possibly execute arbitrary code.
High CVE-2025-3066: Use after free in Navigations
Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs
Medium CVE-2025-3068: Inappropriate implementation in Intents
Medium CVE-2025-3069: Inappropriate implementation in Extensions
Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions
Low CVE-2025-3071: Inappropriate implementation in Navigations
Low CVE-2025-3072: Inappropriate implementation in Custom Tabs
Low CVE-2025-3073: Inappropriate implementation in Autofill
Low CVE-2025-3074: Inappropriate implementation in Downloads
High CVE-2025-3066: Use after free in Navigations
Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs
Medium CVE-2025-3068: Inappropriate implementation in Intents
Medium CVE-2025-3069: Inappropriate implementation in Extensions
Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions
Low CVE-2025-3071: Inappropriate implementation in Navigations
Low CVE-2025-3072: Inappropriate implementation in Custom Tabs
Low CVE-2025-3073: Inappropriate implementation in Autofill
Low CVE-2025-3074: Inappropriate implementation in Downloads
High CVE-2025-3066: Use after free in Navigations
Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs
Medium CVE-2025-3068: Inappropriate implementation in Intents
Medium CVE-2025-3069: Inappropriate implementation in Extensions
Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions
Low CVE-2025-3071: Inappropriate implementation in Navigations
Low CVE-2025-3072: Inappropriate implementation in Custom Tabs
Low CVE-2025-3073: Inappropriate implementation in Autofill
Low CVE-2025-3074: Inappropriate implementation in Downloads
High CVE-2025-3066: Use after free in Navigations
Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs
Medium CVE-2025-3068: Inappropriate implementation in Intents
Medium CVE-2025-3069: Inappropriate implementation in Extensions
Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions
Low CVE-2025-3071: Inappropriate implementation in Navigations
Low CVE-2025-3072: Inappropriate implementation in Custom Tabs
Low CVE-2025-3073: Inappropriate implementation in Autofill
Low CVE-2025-3074: Inappropriate implementation in Downloads
