There are more than 5,000 internet-accessible Ivanti Connect Secure appliances that are susceptible to attacks exploiting a recently disclosed vulnerability, the non-profit cybersecurity organization The Shadowserver Foundation warns.
The issue, tracked as CVE-2025-22457 (CVSS score of 9), is described as a stack-based buffer overflow that could be exploited by remote, unauthenticated attackers to execute arbitrary code on a vulnerable appliance.
Ivanti fixed the bug in February, but warned last week that it misdiagnosed it as a production bug and that in-the-wild exploitation was ongoing. Simultaneously, Mandiant revealed that a Chinese hacking group tracked as UNC5221 was seen exploiting the flaw against Ivanti VPNs.
[...]
Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk
Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk
-
rbc
- Secretary
- Posts: 381
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk
Robert B. Carleton + ISC2 Central Mississippi Secretary