Summary: Ivanti has issued security updates for CVE-2025-22457, a critical stack-based buffer overflow that allows unauthenticated remote code execution and has been exploited in the wild by a suspected China-nexus espionage actor to deploy malware. The flaw affects Ivanti Connect Secure, Ivanti Policy Secure and ZTA Gateways, as well as the end-of-support Pulse Connect Secure 9.1x line, which will not receive a fix. Ivanti had initially assessed the issue as a low-risk product bug, because the overflow only accepts periods and digits and was judged not to be exploitable for code execution, and reclassified it only after exploitation was observed. Customers are urged to update to the fixed releases and to review Integrity Checker Tool results for signs of compromise.
Affected: Ivanti Connect Secure 22.7R2.5 and earlier, Pulse Connect Secure 9.1R18.9 and earlier (end of support, no fix), Ivanti Policy Secure 22.7R1.3 and earlier, ZTA Gateways 22.8R2 and earlier
Key points:
- The vulnerability is a critical (CVSS 9.0) stack-based buffer overflow that enables remote code execution without authentication or user interaction.
- Exploitation is attributed to UNC5221, a suspected China-nexus espionage actor, with activity observed since mid-March 2025.
- Two previously unseen malware families were deployed after exploitation: TRAILBLAZE, an in-memory dropper, and BRUSHFIRE, a passive backdoor.
- Connect Secure customers should update to 22.7R2.6 and review the internal and external Integrity Checker Tool (ICT) output; appliances showing signs of compromise should be factory reset before being returned to service on the fixed release.
- Fixes for ZTA Gateways (22.8R2.2) and Ivanti Policy Secure (22.7R1.4) are scheduled for April 19 and April 21, 2025, respectively; Pulse Connect Secure 9.1x is end-of-support and those customers should migrate.
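As an added worked example (not part of the summary above or of Ivanti's own tooling), the following Python script triages an appliance inventory against the fixed releases for CVE-2025-22457. It parses Ivanti's MAJOR.MINOR R RELEASE.BUILD version notation into integers so that builds compare numerically rather than as strings, and it treats Pulse Connect Secure 9.1x as end-of-support with no fix. The Connect Secure fixed version comes from the summary above; the Policy Secure and ZTA Gateways values are taken from Ivanti's advisory rather than this page and should be verified against the current advisory. The hostnames and inventory records are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed builds for CVE-2025-22457. The Connect Secure value (22.7R2.6) is the
# one stated in the summary; the Policy Secure and ZTA Gateways values are
# taken from Ivanti's April 2025 advisory and should be re-checked against the
# current advisory text. Pulse Connect Secure 9.1x is end-of-support and gets
# no fix, which is recorded as None.
FIXED_VERSIONS: Dict[str, Optional[str]] = {
    "Ivanti Connect Secure": "22.7R2.6",
    "Ivanti Policy Secure": "22.7R1.4",
    "ZTA Gateways": "22.8R2.2",
    "Pulse Connect Secure": None,
}

# Ivanti versions look like 22.7R2.6 or 9.1R18.9; the trailing build is optional (22.8R2).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn 'MAJOR.MINOR R RELEASE[.BUILD]' into a tuple that compares numerically,
    so 22.7R2.10 sorts above 22.7R2.6 (a plain string compare would get this wrong)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, build = m.groups()
    return (int(major), int(minor), int(release), int(build or 0))


def triage(product: str, version: str) -> str:
    """Classify one appliance as 'patched', 'vulnerable', 'end_of_support' or 'unknown_product'."""
    if product not in FIXED_VERSIONS:
        return "unknown_product"
    fixed = FIXED_VERSIONS[product]
    if fixed is None:
        # No fix will ship for this line; the only remediation is migration.
        return "end_of_support"
    return "patched" if parse_version(version) >= parse_version(fixed) else "vulnerable"


def triage_inventory(inventory: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map hostname -> status for a list of (hostname, product, version) records."""
    return {host: triage(product, version) for host, product, version in inventory}


# Constructed sample inventory: hostnames and deployed versions are made up.
SAMPLE_INVENTORY = [
    ("vpn-emea-01", "Ivanti Connect Secure", "22.7R2.5"),
    ("vpn-emea-02", "Ivanti Connect Secure", "22.7R2.6"),
    ("vpn-legacy-01", "Pulse Connect Secure", "9.1R18.9"),
    ("nac-hq-01", "Ivanti Policy Secure", "22.7R1.3"),
    ("zta-gw-01", "ZTA Gateways", "22.8R2"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:<14} {status}")
```

A "patched" result only means the appliance is on a fixed build; it says nothing about whether it was compromised before the update, so the ICT review and, where indicated, a factory reset still apply to every host that was exposed while vulnerable.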