Summary: Alleged China-based hackers are exploiting a vulnerability in Ivanti's firewall products, specifically affecting its Connect Secure, Policy Secure, and ZTA Gateways tools, which serve large organizations and government clients. Ivanti confirmed limited attacks on customers and has released a patch; however, many devices remain unsupported beyond 2024, increasing risks for those using them. The Cybersecurity and Infrastructure Security Agency (CISA) has also verified the exploitation of this vulnerability, tracking it as CVE-2025-22457.
Affected: Ivanti firewall products (Connect Secure, Policy Secure, ZTA Gateways)
Key points:
- Exploitation linked to suspected China-based espionage group UNC5221, with the use of new malware families, including Brushfire and Spawn.
- Ivanti confirmed limited exploitation among their customer base, advising affected users to perform factory resets and migrate to supported versions for security.
- Cybersecurity experts emphasize the ongoing concern of active vulnerabilities in critical appliances and the need for independent risk assessments by organizations.
Source: https://therecord.media/cisa-ivanti-firewall-bug-exploitation