Security News > 2025 > April > Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

2025-04-04 06:07
Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems. "A stack-based buffer overflow in Ivanti Connect
News URL
https://thehackernews.com/2025/04/critical-ivanti-flaw-actively-exploited.html
Related news
- Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now (source)
- Ivanti fixes three critical flaws in Connect Secure & Policy Secure (source)
- Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features (source)
- CISA reveals new malware variant used on compromised Ivanti Connect Secure devices (source)
- CISA spots spawn of Spawn malware targeting Ivanti flaw (source)