Summary: Ivanti has released urgent documentation for a critical vulnerability in its Connect Secure VPN appliances, tagged as CVE-2025-22457, which is being actively exploited by a Chinese APT group. The flaw, which allows for remote code execution, was initially misclassified as a denial-of-service bug and affects specific versions of Ivanti Connect Secure and end-of-support Pulse Connect Secure. Customers are advised to upgrade to a patched version immediately to prevent potential remote attacks.
Affected: Ivanti Connect Secure and Pulse Connect Secure
Key points:
- The vulnerability has a CVSS severity score of 9/10 and allows for remote code execution.
- Evidence of exploitation began appearing in mid-March 2025, with involvement from a Chinese hacking group tracked as UNC5221.
- Ivanti urges customers to update to version 22.7R2.6 and migrate away from unsupported Pulse Connect Secure appliances.
Source: https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/