Critical Ivanti Connect Secure Vulnerability Exploited by China-linked Actor (Campaign)

[email protected] (Wiz Threat Research) 2025-04-03T00:00:00+00:00 View Original

Full Report

On April 3, 2025, Ivanti disclosed a critical vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure (ICS) VPN appliances version 22.7R2.5 and earlier. The flaw, initially underestimated as a denial-of-service risk, was later found to be a buffer overflow that allows r...

Analysis Summary