April 3, 2025 By Sergiu Gatlan
Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.
Tracked as CVE-2025-22457, this critical security flaw is due to a stack-based buffer overflow weakness. It impacts Pulse Connect Secure 9.1x (which reached end-of-support in December), Ivanti Connect Secure 22.7R2.5 and earlier, Policy Secure, and Neurons for ZTA gateways.
According to Ivanti's advisory, remote threat actors can exploit it in high-complexity attacks that don't require authentication or user interaction. The company patched the vulnerability on February 11, 2025, with the release of Ivanti Connect Secure 22.7R2.6 after initially tagging it as a product bug.