Ivanti VPNs at Risk from Critical Security Flaw Targeted by Chinese Hackers
Cybersecurity researchers have identified over 5,000 Ivanti VPN instances vulnerable to a critical security flaw actively exploited by China-linked cyber threat groups. The vulnerability, designated CVE-2025-22457, is a severe stack-based buffer overflow issue affecting Ivanti Connect Secure and other related products.
According to data from the Shadowserver Foundation, a recent scan revealed 5,113 vulnerable Ivanti Connect Secure VPN instances worldwide, predominantly located in the United States, Japan, and China. Although this number slightly decreased to 5,027 by a subsequent scan, the vulnerability remains a significant concern.
Mandiant researchers observed exploitation activity beginning in mid-March and attributed the attacks to a suspected Chinese nation-state threat actor. The attackers leveraged the vulnerability for cyber espionage, successfully achieving remote code execution on affected devices. In response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) swiftly added CVE-2025-22457 to its Known Exploited Vulnerabilities catalog.
The vulnerability is not limited to Ivanti Connect Secure but also impacts Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways. However, actual exploitation has so far been reported only for Ivanti Connect Secure devices.
Ivanti issued an advisory noting that patches for Ivanti Connect Secure had been available since February 2025, although the vulnerability was initially misclassified as low-risk. Mandiant later revealed that attackers had achieved remote code execution through it, significantly raising its threat level.
Ivanti has urged users of older Pulse Connect Secure versions, particularly the now-unsupported 9.x series, to migrate immediately to secure platforms due to the absence of patches for these versions. The advisory noted that Ivanti Policy Secure products have a reduced exploitation risk because they are typically not internet-facing. A patch for Ivanti Policy Secure is expected on April 21.
For Ivanti ZTA Gateways, Ivanti stated the vulnerability does not pose an immediate risk during regular production use. However, it warned that unconnected or inactive gateways might remain vulnerable. A patch for ZTA Gateways is scheduled for release on April 19.
Cybersecurity experts strongly recommend organizations immediately patch affected devices or migrate to supported platforms to safeguard against active exploitation attempts.