Security News > 2025 > April > Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
2025-04-03 17:52
A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability was patched by Ivanti in ICS 22.7R2.6, released on February 11, 2025. But, apparently, the threat actor studied the patch and “uncovered through a complicated process, [that] it was possible to exploit 22.7R2.5 and earlier … More → The post Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) appeared first on Help Net Security.
News URL
Related news
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-03 | CVE-2025-22457 | Stack-based Buffer Overflow vulnerability in Ivanti products A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |