Summary: Security researchers at Rapid7 have identified a critical remote code execution vulnerability in Ivanti’s Connect Secure VPN appliances that has been actively exploited. Although the flaw was patched in February, Ivanti initially did not disclose it, leading to potential threats from state-sponsored hacking groups. Organizations are urged to update to the latest version immediately to mitigate risks.
Affected: Ivanti Connect Secure VPN appliances
Key points:
- Critical flaw identified as CVE-2025-22457, linked to an unchecked buffer overflow in the HTTP(S) web server component.
- Rapid7’s analysis shows the exploit escalates from minor crashes to full remote code execution through manipulated HTTP headers.
- Organizations are advised to upgrade to Ivanti Connect Secure version 22.7R2.6 immediately and check for signs of attempted exploitation.