What is CVE-2021-22894?

A high-severity buffer overflow vulnerability exists in Ivanti Pulse Connect Secure, allowing remote attackers to execute arbitrary code with root privileges. Immediate patching is essential to mitigate risks associated with this vulnerability.

What is the severity of CVE-2021-22894?

CVE-2021-22894 has a severity rating of HIGH with a CVSS base score of 8.8.

Is CVE-2021-22894 in CISA KEV?

Yes. CVE-2021-22894 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2021-22894 | High Vulnerability in Ivanti Pulse Connect Secure

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4, allowing a remote authenticated attacker to execute arbitrary code as the root user via a maliciously crafted meeting room. This vulnerability is classified as high severity with a CVSS score of 8.8, highlighting its critical nature. The risk to organizations includes potential unauthorized access and control over affected systems, making immediate action essential.

The vulnerability was published on May 27, 2021, and has been analyzed for its impact and exploitability. Organizations using affected versions must prioritize patching to prevent exploitation, as the attack vector is network-based and requires low privileges.

Failure to address this vulnerability could lead to severe consequences, including data breaches and system compromise. Therefore, organizations should prioritize remediation immediately.

This vulnerability is actively listed in the Known Exploited Vulnerabilities (KEV) catalog, emphasizing its significance and the urgency for organizations to implement the necessary patches.

Organizations should consult vendor advisories and security resources for further information on how to mitigate this vulnerability effectively.

Vulnerability Details

The vulnerability allows a remote authenticated attacker to execute arbitrary code as the root user. It is categorized under CWE-94 (Code Injection) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The CVSS score of 8.8 indicates a high severity level, as it involves a network attack vector with low complexity and low privileges required.

Affected products include various versions of Ivanti's Pulse Connect Secure prior to the release of 9.1R11.4. Organizations utilizing these versions should take immediate steps to remediate the vulnerability.

Technical Analysis

The root cause of this vulnerability is a buffer overflow, which can be exploited through network accessibility. Attackers may leverage this vulnerability by sending specially crafted input to the system.

The attack complexity is low, and no user interaction is required, which increases the risk of exploitation. The impacts on confidentiality, integrity, and availability are all classified as high, making this a critical vulnerability.

Risk & Impact Analysis

Real-world deployment risk for this vulnerability is significant, as it allows remote code execution with root privileges. Organizations should assess the potential blast radius and impact on their operations. The urgency for addressing this vulnerability is underscored by its classification as a high-severity issue, with known exploitation in the wild.

Organizations must prioritize patching efforts in their security programs to mitigate risks associated with this vulnerability.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

Affected versions include all versions of Ivanti Pulse Connect Secure prior to 9.1R11.4. Organizations should review their deployments to identify any versions in use that may be affected.

Mitigation & Remediation

Organizations should apply updates as per vendor instructions to remediate this vulnerability. If patches are not available, consider implementing configuration changes to mitigate risk, such as restricting access to the affected components.

For additional guidance, refer to the penetration testing services provided by AppSecure.

Detection Guidance

Monitor logs for unusual access patterns, and be alert for behavioral anomalies in system operations. Establish network signatures to identify potential exploitation attempts, and keep an eye on system changes that may indicate an ongoing attack.

AppSecure Threat Intelligence Insight

This vulnerability represents a significant risk for organizations using Pulse Connect Secure, especially those not up-to-date with patches. The pattern of exploitation highlights the need for continuous vigilance and proactive security measures.

For further insights on securing your environment, consider reviewing our vulnerability management program and best practices for penetration testing methodology implementation.

Organizations must take these vulnerabilities seriously to enhance their overall security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-22894: High Vulnerability in Ivanti Pulse Connect Secure