Ivanti Connect Buffer Overflow Vulnerability

What is the Vulnerability?

CVE-2025-22457 is a buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure and ZTA Gateways. If successfully exploited, it can result in remote code execution, potentially allowing unauthorized remote access to affected systems. The Google Threat Intelligence Group (GTIG) has linked the exploitation of CVE-2025-22457 and the subsequent malware deployment to the suspected espionage group UNC5221, which is believed to have connections to China.

What is the recommended Mitigation?

Ivanti customers are strongly encouraged to implement the recommended actions outlined in the Ivanti Security Advisory to ensure their systems are secured promptly. A patch addressing CVE-2025-22457 was made available in Ivanti Connect Secure (ICS) version 22.7R2.6 on February 11, 2025. Users can also review the CISA Mitigation Instructions for CVE-2025-22457: https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-22457

What FortiGuard Coverage is available?

Intrusion Prevention System (IPS): A signature has been developed to detect and block exploit attempts targeting CVE-2025-22457 (Intrusion Prevention | FortiGuard Labs).

Antimalware and Sandbox Service: Delivers protection against known malware and uses advanced behavioral analysis to detect and block unknown threats.

FortiGuard Labs has blocked all the known Indicators of Compromise (IOCs) linked to the campaigns targeting the Ivanti Connect Buffer Overflow Vulnerability (CVE-2025-22457).

The FortiGuard Incident Response team is available to assist with any suspected compromise.
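A defender-side inventory check for the mitigation above, written here as an added example (not code from Ivanti, CISA or FortiGuard): it parses Ivanti-style version strings and flags appliances still below the fixed release 22.7R2.6. The version format (major.minor R release[.patch]) and the sample hostnames and versions are assumptions constructed for the example.

```python
"""Flag Ivanti Connect Secure appliances still below the fixed release for CVE-2025-22457."""
import re
from typing import Optional, Tuple

# Fixed release named in the advisory above.
FIXED_VERSION = "22.7R2.6"

# Assumed version shape, generalised from the advisory's own example string:
#   <major>.<minor>R<release>[.<patch>]   e.g. 22.7R2.6 or 22.7R2
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(version: str) -> Optional[Tuple[int, int, int, int]]:
    """Return a comparable tuple, or None if the string does not match the assumed format."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, release, patch = m.groups()
    # A missing patch component counts as patch level 0 (22.7R2 sorts below 22.7R2.6).
    return (int(major), int(minor), int(release), int(patch or 0))


def is_patched(version: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if version >= fixed, False if below, None if unparseable (needs manual review)."""
    v, f = parse_version(version), parse_version(fixed)
    if v is None or f is None:
        return None
    return v >= f


def triage(inventory: dict) -> dict:
    """Map each hostname to 'patched', 'vulnerable' or 'unknown'."""
    labels = {True: "patched", False: "vulnerable", None: "unknown"}
    return {host: labels[is_patched(ver)] for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "ics-dc1": "22.7R2.5",   # one patch level below the fix
    "ics-dc2": "22.7R2.6",   # exactly the fixed release
    "ics-dc3": "22.7R2",     # no patch component, still below the fix
    "ics-lab": "22.7R3",     # later release line
    "ics-bad": "unknown",    # unparseable, must be reviewed by hand
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

An unparseable version is reported as "unknown" rather than silently treated as safe, so hosts whose version could not be collected still surface in the triage output.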