Published 1 day ago • loading... • Updated 5 hours ago

Ivanti patches Connect Secure zero-day exploited since mid-March

Summary by BleepingComputer

Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.

9 Articles

All

Left

Center

Right

CyberScoop

Center

China-backed espionage group hits Ivanti customers again

Ivanti customers are confronting another string of attacks linked to an actively exploited vulnerability in the company’s VPN products. Mandiant said a nation-state backed espionage group linked to China has been exploiting the critical vulnerability, CVE-2025-22457, since mid-March. The threat group, which Google Threat Intelligence Group tracks as UNC5221, has a knack for exploiting Ivanti products and has successfully — and repeatedly — attac…

22 hours ago

Read Full Article

BleepingComputer

Center

Ivanti patches Connect Secure zero-day exploited since mid-March

1 day ago

Read Full Article

CSO Online

Ivanti warns customers of new critical flaw exploited in the wild

Ivanti is warning customers that a critical vulnerability that impacts its VPN appliances and other products has already been exploited in the wild by a Chinese APT group. The flaw was originally flagged by Ivanti as a denial-of-service issue, but attackers figured out how to exploit it for remote code execution. The vulnerability, now tracked as CVE-2025-22457 with a severity score of 9.0 (Critical) on the CVSS scale, was exploited to deploy tw…

5 hours ago

Read Full Article

The Hacker News

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems. "A stack-based buffer overflow in Ivanti Connect

15 hours ago

Read Full Article

Malware Analysis, News and Indicators

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat

A previously unknown remote code execution vulnerability in the Ivanti Connect Secure VPN platform is being actively exploited in the wild by Chinese threat actors, prompting alerts from Google’s Mandiant team Introduc…

20 hours ago

Read Full Article

cybernoz.com

Ivanti VPN Customers Targeted Via Unrecognized RCE Vulnerability (CVE-2025-22457) - Cybernoz - Cybersecurity News

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability was patched by Ivanti in ICS 22.7R2.6, released on February 11, 2025. But, apparently, the threat actor studied the patch and “uncovered through a complicated process, [that] it was pos…

1 day ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year