Critical Ivanti Security Flaw Exploited by Chinese Hackers in Wild


The Cybersecurity and Infrastructure Security Agency (CISA) has released details about a severe security flaw in several Ivanti products. The vulnerability, tracked as CVE-2025-22457, is a stack-based buffer overflow that lets an unauthenticated remote attacker execute arbitrary code on the appliance.

The flaw affects multiple Ivanti gateway products, including Connect Secure, Policy Secure, and Neurons for ZTA gateways, and is being actively exploited by sophisticated threat actors. Notably, Ivanti had already fixed the bug in Connect Secure 22.7R2.6 in February 2025 as an ordinary product defect, having assessed it as not remotely exploitable because the overflowed buffer accepts only a limited character set. Attackers later proved that assessment wrong, which is why organizations that deferred the 22.7R2.6 update are now exposed.

The affected products include:

  • Pulse Connect Secure 9.1x (end-of-life; no patch will be issued)
  • Ivanti Connect Secure (versions 22.7R2.5 and earlier)
  • Ivanti Policy Secure
  • Neurons for ZTA gateways

Security firm Mandiant has observed exploitation in the wild since mid-March 2025, targeting unpatched Connect Secure appliances. Successful exploitation has been followed by deployment of two newly identified malware families, TRAILBLAZE, an in-memory-only dropper, and BRUSHFIRE, a passive backdoor, alongside the previously documented SPAWN malware ecosystem.

Researchers attribute the activity to UNC5221, a suspected China-nexus espionage group with a history of exploiting zero-day vulnerabilities in edge devices, including earlier Ivanti appliance flaws. The group relies on custom tooling, stealthy backdoors, and obfuscated command-and-control infrastructure.

Organizations using affected Ivanti products should:

  • Update Ivanti Connect Secure to version 22.7R2.6 or later
  • Migrate immediately off end-of-life Pulse Connect Secure 9.1x, which will not receive a patch
  • Review configurations and remove unnecessary internet exposure, in particular of appliance management interfaces
  • Conduct a compromise assessment of every appliance, including running Ivanti's Integrity Checker Tool (ICT); treat an appliance that shows signs of compromise as untrusted, and factory-reset and rebuild it on a patched version rather than patching it in place
  • Monitor for suspicious network activity, including unexpected web-server crashes on the appliance, which Ivanti notes can indicate exploitation attempts

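The version thresholds above are easy to get wrong at scale because Ivanti version strings such as 22.7R2.5 or 9.1R18.9 do not compare correctly as plain strings: "22.7R2.10" sorts before "22.7R2.6" lexicographically even though it is the newer build. The following Python script is an added example, not code from the original article or from Ivanti. It parses those strings into numeric tuples and triages an appliance inventory against the fix thresholds. The Connect Secure and Pulse Connect Secure thresholds come from the article; the Policy Secure (22.7R1.4) and ZTA gateway (22.8R2.2) fixed versions are taken from Ivanti's advisory for CVE-2025-22457 and are not stated on this page. The hostnames in the inventory are constructed sample data.

```python
import re

# Minimum fixed version per product. Connect Secure comes from the article above;
# the Policy Secure and ZTA values come from Ivanti's CVE-2025-22457 advisory
# and are not stated on this page.
FIXED_VERSIONS = {
    "Ivanti Connect Secure": "22.7R2.6",
    "Ivanti Policy Secure": "22.7R1.4",
    "Ivanti Neurons for ZTA gateways": "22.8R2.2",
}

# Every build on this train is end-of-life: there is no version to upgrade to.
END_OF_LIFE = {"Pulse Connect Secure": "9.1"}

# Ivanti version strings look like MAJOR.MINOR[R<RELEASE>[.<PATCH>]].
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:R(\d+)(?:\.(\d+))?)?$")


def parse_version(text):
    """Turn '22.7R2.5' into the tuple (22, 7, 2, 5) so it compares numerically.

    Missing release/patch components become 0, so '22.7R2' < '22.7R2.1'.
    Raises ValueError on anything that is not an Ivanti-style version string.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def assess(product, version):
    """Classify one appliance as 'end-of-life', 'vulnerable', 'patched' or 'unknown-product'."""
    v = parse_version(version)
    eol_train = END_OF_LIFE.get(product)
    if eol_train is not None and v[:2] == parse_version(eol_train)[:2]:
        return "end-of-life"
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return "unknown-product"
    return "patched" if v >= parse_version(fixed) else "vulnerable"


# Constructed sample inventory (hostname, product, reported version); not real hosts.
SAMPLE_INVENTORY = [
    ("vpn-1.example.test", "Ivanti Connect Secure", "22.7R2.5"),
    ("vpn-2.example.test", "Ivanti Connect Secure", "22.7R2.6"),
    ("nac-1.example.test", "Ivanti Policy Secure", "22.7R1.3"),
    ("zta-1.example.test", "Ivanti Neurons for ZTA gateways", "22.8R2.2"),
    ("legacy.example.test", "Pulse Connect Secure", "9.1R18.9"),
]


def triage(inventory):
    """Map each hostname to its assessment."""
    return {host: assess(product, version) for host, product, version in inventory}


def hosts_needing_action(inventory):
    """Sorted hostnames that must be patched or replaced before anything else."""
    return sorted(h for h, s in triage(inventory).items()
                  if s in ("vulnerable", "end-of-life"))


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:22} {status}")
    print("needs action:", ", ".join(hosts_needing_action(SAMPLE_INVENTORY)))
```

Feed it the product and version strings from your asset inventory or from each appliance's admin page; anything reported as vulnerable or end-of-life should also be queued for a compromise assessment, since a patched version only closes the door going forward and does not evict an attacker who is already inside.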
The Australian Cyber Security Centre (ACSC) likewise recommends implementing robust monitoring and following vendor-provided mitigation guidance to protect against this threat. Regular security assessments and prompt patching remain the key defenses against vulnerabilities of this kind.

This discovery highlights the ongoing challenge of securing internet-facing network infrastructure against sophisticated threat actors, and it shows that a bug quietly fixed as a low-severity defect can become a zero-day for everyone who deferred the update. As attacks continue to evolve, keeping edge appliances on current releases and applying defense-in-depth around them becomes increasingly critical.