CyberSecurityBoard
Sponsor Register Login

1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities

A significant increase in suspicious scanning activity targeting Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems, signaling a potential coordinated reconnaissance effort by threat actors. This surge in scanning coincides with increased attention to CVE-2025-22457, a critical stack-based buffer overflow vulnerability in Ivanti Connect Secure (versions 22.7R2.5 and earlier), Pulse Connect Secure 9.x (now end-of-support), Ivanti Policy Secure, and Neurons for ZTA gateways. The observed spike in scanning is a clear warning: attackers actively seek to exploit unpatched Ivanti Connect Secure systems. Ivanti Connect Secure VPNs are widely deployed for enterprise remote access, making them high-value targets for cybercriminals and nation-state actors.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 24 Apr 2025 06:20:13 +0000


Cyber News related to 1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities

Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
2 years ago Unit42.paloaltonetworks.com CVE-2023-46805 CVE-2024-21887
Ivanti Connect Secure Vulnerability (CVE-2025-22457) Actively Exploited in the Wild - Ivanti has disclosed a critical vulnerability, CVE-2025-22457, affecting its Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways products that are actively exploited in the wild. The vulnerability was patched in Ivanti ...
11 months ago Cybersecuritynews.com CVE-2025-22457
Ivanti Security Update: Patch for Multiple Vulnerabilities in Connect and Policy Secure - Ivanti, a leading provider of IT security and management solutions, has announced the release of critical updates for its Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. Organizations using Ivanti Connect Secure and Policy Secure ...
8 months ago Cybersecuritynews.com
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
2 years ago Techtarget.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893
Ivanti patches Connect Secure zero-day exploited since mid-March - Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. While Ivanti has yet to disclose more details ...
11 months ago Bleepingcomputer.com CVE-2025-22457
CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products - In an unprecedented move, the US government's cybersecurity agency CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. Within 48 hours, the agency said federal ...
2 years ago Securityweek.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893
1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities - A significant increase in suspicious scanning activity targeting Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems, signaling a potential coordinated reconnaissance effort by threat actors. This surge in scanning coincides with ...
10 months ago Cybersecuritynews.com CVE-2025-22457
Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
2 years ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887
Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
2 years ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887
CISA Adds Actively Exploits Ivanti Connect Secure Vulnerability in Known Exploited Catalog - If no compromise is detected, conduct a factory reset with a clean image for cloud/virtual systems, apply patches per Ivanti’s advisory (Connect Secure 22.7R2.6; Policy Secure and ZTA Gateways patches due April 21 and 19), monitor authentication ...
11 months ago Cybersecuritynews.com CVE-2025-22457
Ivanti urges customers to patch yet another critical vulnerability - This vulnerability only affects a limited number of supported versions-Ivanti Connect Secure, Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read between the lines that there could be unsupported versions which will never see ...
2 years ago Malwarebytes.com CVE-2024-22024
Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
2 years ago Cysecurity.news CVE-2024-21893 CVE-2023-46805 CVE-2024-21887
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
2 years ago Techtarget.com CVE-2023-46805 CVE-2024-21887
More mass exploits hit the same buggy Ivanti devices The Register - All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop's gateways over ...
2 years ago Go.theregister.com CVE-2024-21893 Hunters
China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
2 years ago Go.theregister.com
Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems - Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed ...
2 years ago Techrepublic.com CVE-2023-46805 CVE-2024-21887
Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
2 years ago Techtarget.com CVE-2023-46805 CVE-2024-21887
CVE-2025-10703 - Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. ...
3 months ago
CVE-2025-10702 - Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. ...
3 months ago
Two Ivanti Zero-Days Actively Exploited in the Wild - Ivanti customers have been urged to follow the security vendor's suggested workaround after it confirmed that two zero-day vulnerabilities in its Connect Secure and Policy Secure gateways are being actively exploited. Connect Secure is a VPN product ...
2 years ago Infosecurity-magazine.com CVE-2023-46805 CVE-2024-21887 CVE-2023-35078 CVE-2023-35081
Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware - Hackers exploit unpatched Ivanti vulnerabilities to deploy malware on Linux systems. Magnet Goblin targets businesses using outdated software. Patch immediately and implement strong security measures to protect against these attacks. Cybersecurity ...
2 years ago Hackread.com CVE-2024-21887
Ivanti fixes three critical flaws in Connect Secure & Policy Secure - Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems. “The Pulse Connect Secure ...
1 year ago Bleepingcomputer.com
Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
2 years ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887 CVE-2021-22893
Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed - The vulnerability was recently exploited in the wild by a suspected China-nexus threat actor, affecting Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways. A detailed technical analysis has been published regarding ...
11 months ago Cybersecuritynews.com CVE-2025-22457
Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout - The recently discovered Ivanti Connect Secure zero-day vulnerabilities could impact thousands of systems and the threat actors caught exploiting them appear to have been preparing for the release of patches. Threat intelligence and incident response ...
2 years ago Securityweek.com CVE-2023-46805 CVE-2024-21887

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)