ivanti News Articles

Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities

Ivanti EPMM hit by critical 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) enabling pre-auth RCE. Active exploits confirmed, patch NOW!

3 days ago

Multiple Ivanti Endpoint Mobile Manager Vulnerabilities Allows Remote Code Execution

Critical security flaws have been uncovered in Ivanti EPMM, a widely used MDM solution, exposing organization to the risk.

3 days ago

Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)

Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest was piqued this week when news of fresh vulnerabilities was announced in a close friend -

4 days ago

Ivanti EPMM Patches CVE-2025-4427 And CVE-2025-4428

Ivanti releases patches for CVE-2025-4427 and CVE-2025-4428 in EPMM to prevent remote code execution attacks. 

4 days ago

Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack

The security software maker said the vulnerabilities in Endpoint Manager Mobile have been exploited in the wild against "a very limited number of customers" — for now — and stem from open source libraries.

5 days ago

Ivanti warns of critical Neurons for ITSM auth bypass flaw

​Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.

6 days ago

CISA Adds One Vulnerability to the KEV Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

3 weeks ago

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

CVE-2025-0282 exploited by Chinese threat actors + DslogdRAT malware installs + 9X ICS scans spike

3 weeks ago

September, 2024 - Iron Castle Systems

This post was originally published on this siteOne of the problems I've had since I originally wrote mac-robber.py [1][2][3] seven years ago is that because of the underlying os.stat python library we...

Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed

A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated RCE vulnerability impacting several Ivanti products.

5000+ Exposed Ivanti Connect Secure Devices Vulnerable to RCE Attacks

Over 5,113 Ivanti Connect Secure VPN appliances remain unpatched and vulnerable to active exploitation of CVE-2025-22457.

Ivanti Security Update Released for Multiple Critical Endpoint Manager RCE Vulnerabilities

Ivanti, a prominent enterprise software provider, has issued an urgent security advisory today addressing multiple vulnerabilities in its Endpoint Manager (EPM) products.

Over 5K Ivanti VPNs vulnerable to critical bug under attack

China-linked threat actors last month began exploiting CVE-2025-22457, a critical stack buffer-overflow flaw.

Ivanti Vulnerability CVE-2025-22457 Actively Exploited

This active exploitation campaign targeting CVE-2025-22457 is a serious threat to Australian organizations using Ivanti products.

CISA adds Ivanti Connect Secure vulnerability to KEV catalog

CVE-2025-22457 is a critical stack buffer-overflow vulnerability that Ivanti had initially assessed as a low-level product bug that could not be exploited remotely.

Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457) | CISA

Ivanti released security updates to address vulnerabilities (CVE-2025-22457) in Ivanti Connect Secure, Policy Secure & ZTA Gateways. A cyber threat actor could exploit CVE-2025-22457 to take control of an...

CISA Adds Actively Exploits Ivanti Connect Secure Vulnerability in Known Exploited Catalog

CISA has added CVE-2025-22457, a critical vulnerability in Ivanti Connect Secure, to its Known Exploited Vulnerabilities (KEV) Catalog.

Ivanti Connect Secure RCE Vulnerability Actively Exploited in the Wild - Apply Patch Now!

Ivanti has disclosed a critical, actively exploited vulnerability (CVE-2025-22457) affecting Connect Secure.

Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)

What's that Skippy? Another Ivanti Connect Secure vulnerability? At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis. Do you know the fun things about these posts? We can copy text from previous posts

Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw

Mandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code execution

Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are probing Palo Alto Networks GlobalProtect

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

Ivanti patches CVE-2025-22457 exploited by UNC5221 in March 2025, risking remote code execution and credential theft.

China-backed espionage group hits Ivanti customers again

UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.

China-Linked Threat Group Exploits Ivanti Bug

The vendor had originally assessed the flaw as low risk but now says it is a critical issue that enables remote code execution.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) - Help Net Security

A suspected Chinese APT group has exploited CVE-2025-22457 - previously thought not to be exploitable - to compromise Ivanti VPN appliances.

Ivanti patches Connect Secure zero-day exploited since mid-March

Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.

CISA Warns of 'Resurge' Malware Connected to Ivanti Vuln

Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.

New Malware Variant RESURGE Exploits Ivanti Vulnerability

CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices - Help Net Security

CISA has released IOCs and updated mitigation advice for rooting out new malware used on Ivanti Connect Secure VPN appliances.

CISA warns new malware targeting Ivanti zero-day vulnerability

CVE-2025-0282, a critical vulnerability that affects Ivanti’s Connect Secure, Policy Secure and ZTA Gateway products, was disclosed and patched in January.

CISA Adds One Vulnerability to the KEV Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282(link is external) Ivanti Connect Secure Vulnerability These types...

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure | CISA

CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the...

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

RESURGE malware exploits Ivanti flaw CVE-2025-0282, adding stealth tools and web shells for persistence.

Silk Typhoon targeting IT supply chain | Microsoft Security Blog

Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat...

2850+ Ivanti Connect Secure Devices Vulnerable to Remote Code Execution Attacks

A critical vulnerability, CVE-2025-22467, in Ivanti Connect Secure (ICS) devices has left approximately 2,850 instances worldwide unpatched.

2,850+ Ivanti Connect Secure Devices Exposed to Potential Cyberattacks

2,850+ unpatched Ivanti Connect Secure devices worldwide, leaving organizations vulnerable to exploitation through the critical flaw designated CVE-2025-22467.

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) - Help Net Security

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released; patch if you haven't already.

Ivanti | News & Insights | The Hacker News

Read the latest updates about Ivanti on The Hacker News cybersecurity and information technology publication.

Ivanti fixes 4 critical flaws, including CVSS 9.9 in Connect Secure

The flaws could enable remote code execution or arbitrary file writing and should be patched immediately.

Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely

Ivanti has disclosed a critical vulnerability, CVE-2025-22467, impacting its Connect Secure (ICS) product.  This stack-based buffer overflow vulnerability, rated 9.9 (Critical) on the CVSS v3.1 scale, allows remote authenticated attackers to execute arbitrary code on affected systems. 

Ivanti Connect Secure software vulnerability | CVE-2025-0282

Security alert on the Ivanti Connect Secure software suite and Stormshield protection against CVE-2025-0282.

CISA: Hackers still exploiting older Ivanti bugs to breach networks

CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks.

CISA Warn Of Critical Ivanti CSA Vulnerabilities: Patch Now

These four Ivanti CSA Vulnerabilities were exploited in September 2024 by threat actors to compromise victim networks.

New PoC Released For Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)

Researchers have unveiled a PoC exploit for a critical RCE flaw in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.

Threat Brief: CVE-2025-0282 and CVE-2025-0283

CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case. CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident respons...

UK domain registry Nominet breached via Ivanti zero-day - Help Net Security

The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen to 800.

Critical Ivanti Vulnerabilities Addressed With Latest Patch

These Ivanti vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283, pose serious risks to users of affected versions.

33,542 Ivanti Connect Secure Instances Exposed as Exploitation of CVE-2025-0282 Unfolds

A critical security vulnerability, CVE-2025-0282, has been identified and exploited in the wild, affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.

Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)

As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthenticated Remote Code Execution vulnerability in their Connect Secure (VPN) appliance. Specifically, we analyzed CVE-2025-0282. Today, we’re going to walk through exploitation. Once again, however, stopping short of pr...