Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Briefly

Ivanti has issued a warning about critical vulnerabilities impacting its products, particularly highlighting CVE-2025-0282, a severe stack-based buffer overflow with a CVSS score of 9.0. This vulnerability has been under active exploitation since mid-December 2024, and successful exploitation can lead to unauthenticated remote code execution. The severity and potential impact of this flaw underscore the urgency of the company's advisory prompting users to update their systems.
Mandiant reported that the exploitation of CVE-2025-0282 involves the deployment of the SPAWN ecosystem of malware, linked to a China-nexus threat actor called UNC5337. Observations indicate that this actor is part of a broader group known as UNC5221. The attacks associated with this exploitation have used not only known malware but also previously undocumented malware families, raising concerns about the diverse tactics employed by sophisticated threat actors.
Read at The Hacker News