
Over 5,000 Ivanti Devices at Risk
Security Warning: Over 5,000 Ivanti Connect Secure VPN devices used across corporate networks worldwide remain at serious risk from a vulnerability identified as CVE-2025-22457, which allows attackers to gain access to your systems and steal your data.
This is a stack-based buffer overflow vulnerability affecting the following products:
✔ Ivanti Connect Secure (version 22.7R2.5 and earlier)
✔ Pulse Connect Secure (version 9.1R18.9 and earlier)
✔ Ivanti Policy Secure (version 22.7R1.3 and earlier)
✔ ZTA Gateways (version 22.8R2 and earlier)
Risk Level: 9.0 out of 10 (Very High Risk)
Google’s Mandiant security team discovered that the following malware is being deployed in attacks using this vulnerability:
- TRAILBLAZE – A custom tool used for initial system access.
- BRUSHFIRE – A hidden program used to stay within the system for extended periods and steal data.
Attackers: A professional cybercriminal group named “UNC5221,” linked to China.
How to Protect Yourself?
✅ Update Immediately: Move to Ivanti Connect Secure version 22.7R2.6.
✅ Temporarily Suspend Usage: Do not use Policy Secure and ZTA Gateway devices until their updates are available (April 21st and April 19th, respectively).
✅ Thorough Check: Use Ivanti Integrity Checker Tool (ICT) to check your systems.
✅ Factory Reset: If in doubt, perform a full factory reset on the devices.
✅ Change Passwords: Update all certificates, keys, and passwords.
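To decide which appliances need the update first, the affected-version limits listed above can be checked against an inventory export. This is an added example, not code from Ivanti or from the original page; the inventory rows and function names are constructed, and version strings are assumed to follow the `22.7R2.5` form.

```python
import re

# Highest affected version per product, as listed in this advisory.
AFFECTED_THROUGH = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Pulse Connect Secure": "9.1R18.9",
    "Ivanti Policy Secure": "22.7R1.3",
    "ZTA Gateways": "22.8R2",
}

# Assumed version shape: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.5
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, release, patch), or None if unrecognised."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(product, version):
    """Return 'affected', 'not-affected', or 'review' for one device."""
    limit = AFFECTED_THROUGH.get(product)
    parsed = parse_version(version)
    if limit is None or parsed is None:
        # Unknown product or odd version string: never assume it is safe.
        return "review"
    return "affected" if parsed <= parse_version(limit) else "not-affected"


def triage(inventory):
    """Map each hostname to its classification."""
    return {host: classify(product, version) for host, product, version in inventory}


# Constructed sample inventory: (hostname, product, reported version).
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "Ivanti Connect Secure", "22.7R2.5"),
    ("vpn-edge-02", "Ivanti Connect Secure", "22.7R2.6"),
    ("vpn-legacy", "Pulse Connect Secure", "9.1R18.7"),
    ("zta-gw-01", "ZTA Gateways", "22.8R2"),
    ("vpn-lab", "Ivanti Connect Secure", "unknown-build"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

A "not-affected" result reflects the version number only; the Integrity Checker Tool step above still applies to every device.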
Why Is This So Dangerous?
✔ Attackers can gain system access without user authentication.
✔ Attackers may remain in the system for a long time.
✔ Risk of data theft and network breaches.
✔ Over 5,000 devices worldwide are at risk.
Note: According to recent checks by Shadowserver, many organizations are still using vulnerable devices. Attacks are increasing, so take action immediately!
🔐 Security is in your hands! Update your devices and protect your data!