Ethical Hacking News
A critical zero-day vulnerability has been discovered in Ivanti Connect Secure that allows remote code execution and can be exploited by China-linked espionage actors to deploy malware and compromise secure networks. The vulnerability, CVE-2025-22457, was patched by Ivanti with the release of version 22.7R2.6. Organizations are urged to update their systems and implement robust security measures to prevent similar attacks.
Ivanti has released a critical security patch to address a zero-day remote code execution vulnerability in its Connect Secure VPN appliance. The patch aims to mitigate the impact of CVE-2025-22457, a stack-based buffer overflow weakness that can be exploited by threat actors to deploy malware and compromise secure networks. Remote threat actors can exploit this vulnerability in high-complexity attacks without authentication or user interaction. Ivanti has advised all customers to ensure they are running Ivanti Connect Secure 22.7R2.6 as soon as possible, with security patches for ZTA and Ivanti Policy Secure gateways still in development. The vulnerability highlights the ongoing war against cyber threats and the need for organizations to stay vigilant and proactive in protecting their networks. Organizations should take immediate action to patch their systems and implement robust security measures, including regular updates, secure network configurations, and security audits.
Ivanti, a leading provider of network and system security solutions, has recently released a critical security patch to address a zero-day remote code execution (RCE) vulnerability in its Connect Secure VPN appliance. The patch, shipped in Ivanti Connect Secure 22.7R2.6, aims to mitigate the impact of CVE-2025-22457, a stack-based buffer overflow weakness that can be exploited by threat actors to deploy malware and compromise secure networks.
According to Ivanti's advisory, remote threat actors can exploit this vulnerability in high-complexity attacks that do not require authentication or user interaction. The company has patched the vulnerability and encourages all customers to ensure they are running Ivanti Connect Secure 22.7R2.6 as soon as possible. However, security patches for ZTA and Ivanti Policy Secure gateways are still in development and will be released on April 19 and April 21, respectively.
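A defender's first step is to find which appliances in an inventory are still below the fixed release. The following script is an added example, not code from Ivanti or from the original article; it assumes Ivanti version strings have the shape `<major>.<minor>R<release>[.<patch>]` (as in `22.7R2.6`) and uses a constructed inventory with placeholder hostnames and product names taken from this article.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Fixed Connect Secure release named in Ivanti's advisory for CVE-2025-22457.
ICS_FIXED_VERSION = "22.7R2.6"

# Assumed version shape: <major>.<minor>R<release>[.<patch>], e.g. "22.7R2.6" or "22.7R2".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn an Ivanti-style version string into a comparable tuple.

    A missing patch component counts as 0, so "22.7R2" sorts below "22.7R2.1".
    Unrecognised strings raise ValueError so odd inventory entries are surfaced
    instead of silently passing as patched.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {version!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def ics_needs_update(version: str) -> bool:
    """True when a Connect Secure version is below the 22.7R2.6 fix."""
    return parse_version(version) < parse_version(ICS_FIXED_VERSION)


@dataclass
class Finding:
    host: str
    product: str
    version: str
    action: str


def assess_inventory(inventory: List[Tuple[str, str, str]]) -> List[Finding]:
    """Return a Finding for every appliance that still needs attention."""
    findings = []
    for host, product, version in inventory:
        if product == "Connect Secure":
            if ics_needs_update(version):
                findings.append(Finding(host, product, version, f"upgrade to {ICS_FIXED_VERSION}"))
        elif product in ("Policy Secure", "ZTA"):
            # Advisory: fixes still in development (due April 19 / April 21),
            # so flag for follow-up rather than treating the device as fixed.
            findings.append(Finding(host, product, version, "patch pending; monitor advisory"))
        else:
            findings.append(Finding(host, product, version, "unknown product; verify manually"))
    return findings


# Constructed sample inventory: placeholder hosts and versions, not real data.
SAMPLE_INVENTORY = [
    ("vpn-a.example.test", "Connect Secure", "22.7R2.5"),
    ("vpn-b.example.test", "Connect Secure", "22.7R2.6"),
    ("vpn-c.example.test", "Connect Secure", "22.7R2"),
    ("nac-a.example.test", "Policy Secure", "22.7R1"),
]

if __name__ == "__main__":
    for f in assess_inventory(SAMPLE_INVENTORY):
        print(f"{f.host}: {f.product} {f.version} -> {f.action}")
```

Feed it the output of whatever asset inventory you already keep; the point is that a version equal to or above 22.7R2.6 is the only Connect Secure state the advisory treats as fixed.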
The discovery of this zero-day vulnerability highlights the ongoing war against cyber threats. China-linked espionage actors have repeatedly exploited vulnerabilities in network edge devices, including various Ivanti and NetScaler appliances. In recent months, these actors have exploited CVE-2025-0282, another Ivanti Connect Secure buffer overflow, to drop new Dryhook and Phasejam malware on compromised VPN appliances.
Furthermore, the hacking group has chained two Connect Secure and Policy Secure zero-days (CVE-2023-46805 and CVE-2024-21887) to remotely execute arbitrary commands on targeted ICS VPN and IPS network access control (NAC) appliances. One of their victims was the MITRE Corporation, which disclosed the breach in April 2024.
The Ivanti Connect Secure zero-day vulnerability is just one example of the many vulnerabilities that threat actors are exploiting to compromise secure networks. The exploitation of this vulnerability by a China-linked espionage actor highlights the need for organizations to stay vigilant and proactive in protecting their networks against cyber threats.
In light of these developments, it is essential for organizations to take immediate action to patch their systems and implement robust security measures to prevent similar attacks. This includes regularly updating software and firmware, implementing secure network configurations, and conducting regular security audits to identify vulnerabilities before they can be exploited by threat actors.
Moreover, the use of threat intelligence tools and services can help organizations stay informed about emerging threats and vulnerabilities. By leveraging these tools and services, organizations can gain valuable insights into the tactics, techniques, and procedures (TTPs) used by threat actors and develop effective countermeasures to protect their networks.
In conclusion, the Ivanti Connect Secure zero-day vulnerability highlights the ongoing war against cyber threats. Organizations must take immediate action to patch their systems and implement robust security measures to prevent similar attacks. By staying vigilant and proactive, organizations can reduce the risk of being compromised by threat actors and maintain the integrity of their networks.
Published: Thu Apr 3 13:39:53 2025 by llama3.2 3B Q4_K_M