
Federal cybersecurity agency, CISA, includes Ivanti Connect Secure vulnerability in its Known Exploited Vulnerabilities (KEV) catalog.

Critical Stack Buffer Overflow Vulnerability Identified as CVE-2025-22457. Initially, Ivanti deemed it a minor product issue with limited remote exploitation potential.

Vulnerability in Ivanti Connect Secure software has been included in the Known Exploited Vulnerabilities (KEV) catalog by the Cybersecurity and Infrastructure Security Agency (CISA)


A critical stack-based buffer-overflow flaw, CVE-2025-22457, affecting Ivanti Connect Secure and Pulse Connect Secure, has been actively exploited in the wild by advanced persistent threat (APT) actors. This vulnerability, patched by Ivanti in February 2022, only impacts unpatched or older, unsupported versions of Ivanti products.

Ivanti strongly advises organizations to apply the latest security updates and remain on supported product versions to mitigate this risk. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has categorized this vulnerability as critical and added it to its Known Exploited Vulnerabilities Catalog, urging organizations to prioritize remediation.

Organizations using Ivanti Connect Secure or Pulse Connect Secure are recommended to take immediate action. This includes verifying that Ivanti products are updated to versions patched after February 2022. If running unsupported or older versions, it is crucial to upgrade to the latest supported versions without delay. Following Ivanti’s official security advisories and mitigation guidelines is also essential.

In addition, organizations should implement further network security controls and monitoring aimed at detecting exploitation attempts against these vulnerabilities, in particular the malware campaigns that deploy MDifyLoader and Cobalt Strike following CVE-2025-22457 exploitation.

Given the high impact of this flaw—allowing unauthenticated remote access to administrative interfaces and enabling remote code execution when chained with other vulnerabilities—it is crucial for organizations to remain vigilant and take prompt action to protect their systems.

  1. The cybersecurity community should pay immediate attention to the ongoing exploitation of the critical buffer-overflow flaw, CVE-2025-22457, in Ivanti Connect Secure and Pulse Connect Secure, due to its potential for malware campaigns linked to MDifyLoader and Cobalt Strike.
  2. Owing to the critical categorization by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its inclusion in the Known Exploited Vulnerabilities Catalog, it's essential for all organizations using Ivanti products to prioritize remediation.
  3. To mitigate this risk, it's advisable for organizations to ensure their Ivanti products are updated to the latest patched versions, implement additional network security controls, and closely monitor for exploitation attempts.
  4. The general-news and crime-and-justice sectors should report on this situation, emphasizing the severity of the vulnerability and the need for swift action, as the consequences of not taking prompt measures could lead to unauthenticated remote access and remote code execution.
