Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

Summary: Ivanti has patched a critical security vulnerability (CVE-2025-22457) in its Connect Secure systems, which is being actively exploited to execute arbitrary code. The vulnerability affects multiple Ivanti products and has prompted warnings to customers regarding security monitoring and potential compromises. Mandiant has linked the exploitation of this vulnerability to the China-nexus threat group UNC5221, which has a history of exploiting zero-day vulnerabilities in similar devices.

Affected: Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, ZTA Gateways

Key points:

  • A stack-based buffer overflow vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on affected systems.
  • Active exploitation has been observed, with some customers reportedly compromised.
  • Exploitation of the vulnerability is attributed to the threat actor cluster UNC5221, known for exploiting zero-day flaws.
  • Several critical vulnerabilities were also addressed in the patched version 22.7R2.6.
  • Threat actors are developing custom malware targeting enterprise systems without EDR solutions.

Source: https://thehackernews.com/2025/04/critical-ivanti-flaw-actively-exploited.html