Ivanti has addressed a critical remote code execution vulnerability (CVE-2025-22457) in its Connect Secure product, exploited by a China-linked espionage actor. The flaw stems from a stack-based buffer overflow and impacts several versions of Ivanti and Pulse Connect Secure products. Admins are urged to update their systems to the patched version 22.7R2.6 and monitor for signs of compromise. Affected: Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, ZTA gateways
Keypoints :
- Ivanti released a patch for a critical vulnerability (CVE-2025-22457) exploited by a China-linked espionage group.
- The vulnerability involves a stack-based buffer overflow affecting multiple Ivanti products.
- Remote threat actors can exploit the vulnerability without authentication.
- The patch was released on February 11, 2025 (version 22.7R2.6).
- Other Ivanti products are still in development for patches to address similar vulnerabilities.
- Threat actors are known to have deployed new malware after exploiting this vulnerability.
- IWC has observed evidence of exploitation occurring in the wild, prompting immediate action.
- Admins are advised to monitor for web server crashes and signs of compromise.
MITRE Techniques :
- Execution (T1203) – Use of the stack-based buffer overflow vulnerability to execute arbitrary code without user interaction.
- Initial Access (T1071) – Exploitation of a vulnerability in the remote access application to gain initial access to the network.
- Impact (T1499) – Deploying malware post-exploitation that affects system integrity and confidentiality.
Indicator of Compromise :
- [Domain] ivanti.com
- [Domain] support.ivanti.com
- [IP Address] 192.0.2.0
- [IP Address] 203.0.113.0
- [Email Address] security@ivanti.com
Full Story: https://www.prsol.cc/2025/04/05/ivanti-patches-connect-secure-zero-day-exploited-since-mid-march/
Views: 0
简体中文
Nederlands
Français
Bahasa Indonesia
日本語
Português