Key points
• Ivanti is warning customers about a critical vulnerability in its VPN appliances and products, which has already been exploited by a Chinese APT group.
• The vulnerability, tracked as CVE-2025-22457, was initially flagged as a denial-of-service issue but can be exploited for remote code execution.
• The flaw has been used to deploy new malware programs on Ivanti Connect Secure appliances and Pulse Connect Secure devices that have reached end-of-support.
Ivanti, a software company that focuses on IT and security solutions, has issued a warning to its customers about a critical vulnerability in its VPN appliances and products. According to Ivanti’s security advisory, the vulnerability has already been exploited by a Chinese APT (Advanced Persistent Threat) group. This is a significant development, as APT groups are known for their sophisticated and targeted attacks.
The vulnerability, tracked as CVE-2025-22457, was initially classified as a denial-of-service issue. However, researchers have since discovered that it can be exploited for remote code execution, which allows attackers to take control of affected systems. This higher severity rating has earned the vulnerability a CVSS score of 9.0, making it a critical issue.
The vulnerability affects Ivanti Connect Secure appliances versions 22.7R2.5 and earlier, as well as Pulse Connect Secure 9.1x appliances that have reached end-of-support in December. It is essential for customers to patch these devices as soon as possible to prevent exploitation. Threat actors have already been using the vulnerability to deploy two new malware programs on affected devices.
Microsoft, which offers its own VPN solutions and security products, has not announced any specific measures to address this vulnerability. However, the discovery of the vulnerability serves as a reminder of the importance of keeping software and systems up-to-date with the latest security patches and updates. As a Windows-based website, our readers should be aware of the potential risks and take necessary precautions to protect their devices.
Read the rest: Source Link
You might also like: How to get Windows Server 2022, Try Windows 11 Pro for Workstations & browse Windows Azure content.
Remember to like our facebook and our twitter @WindowsMode for a chance to win a free Surface every month.