"Suspected Chinese government spies have exploited a newly disclosed critical bug in Ivanti VPN appliances since mid-March, marking the third incident in three years."
"The newly identified critical bug, CVE-2025-22457, has severe implications as it allows unauthenticated remote code execution, prompting urgent patching by affected companies."
A critical vulnerability (CVE-2025-22457) in Ivanti VPN appliances has been exploited by suspected Chinese spies since mid-March, resulting in the deployment of new malware strains post-exploit. This bug, rated 9.0 out of 10 in severity, allows for unauthenticated remote code execution and affects multiple Ivanti products. Companies are urged to patch this vulnerability immediately, as it has been exploited by the Beijing-backed group UNC5221. This incident marks the third exploitation of Ivanti vulnerabilities in three years, reflecting ongoing security challenges.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]