CyberSecurityBoard
Sponsor Register Login

Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed

The vulnerability was recently exploited in the wild by a suspected China-nexus threat actor, affecting Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways. A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated remote code execution (RCE) vulnerability impacting several Ivanti products. Ivanti released patches for Ivanti Connect Secure (version 22.7R2.6) on February 11, 2025. Patches for Ivanti Policy Secure (22.7R1.4) and ZTA Gateways (22.8R2.2) are scheduled for release on April 21 and April 19, 2025, respectively. Pulse Connect Secure has reached end-of-support, and users are advised to migrate to the latest version of Ivanti Connect Secure. The exploit then takes advantage of a series of pointer dereferences to achieve arbitrary code execution through a Return-Oriented Programming (ROP) chain, executing shell commands via the vulnerable application. Rapid7’s security researchers were able to develop a working remote code execution exploit in approximately four business days. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Organizations using affected Ivanti products should apply patches immediately or implement recommended mitigations while awaiting patches. The exploit bypasses Address Space Layout Randomization (ASLR) through a brute-force approach, leveraging the fact that the target system only uses 9 bits of entropy. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 11 Apr 2025 08:55:11 +0000


Cyber News related to Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed

Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
1 year ago Unit42.paloaltonetworks.com CVE-2023-46805 CVE-2024-21887
Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887
Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware - Hackers exploit unpatched Ivanti vulnerabilities to deploy malware on Linux systems. Magnet Goblin targets businesses using outdated software. Patch immediately and implement strong security measures to protect against these attacks. Cybersecurity ...
1 year ago Hackread.com CVE-2024-21887
Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
1 year ago Go.theregister.com CVE-2024-22024
China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
1 year ago Go.theregister.com
CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products - In an unprecedented move, the US government's cybersecurity agency CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. Within 48 hours, the agency said federal ...
1 year ago Securityweek.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893
Ivanti zero-day flaws under 'widespread' exploitation - Two critical Ivanti vulnerabilities that remain unpatched are being widely exploited just five days following public disclosure. In a security advisory Wednesday, Ivanti urged users and administrators to mitigate two zero-day vulnerabilities that ...
1 year ago Techtarget.com CVE-2024-21887 CVE-2023-46805
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Ivanti patches Connect Secure zero-day exploited since mid-March - Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. While Ivanti has yet to disclose more details ...
2 weeks ago Bleepingcomputer.com CVE-2025-22457
Ivanti Connect Secure Vulnerability (CVE-2025-22457) Actively Exploited in the Wild - Ivanti has disclosed a critical vulnerability, CVE-2025-22457, affecting its Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways products that are actively exploited in the wild. The vulnerability was patched in Ivanti ...
2 weeks ago Cybersecuritynews.com CVE-2025-22457
Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887
More mass exploits hit the same buggy Ivanti devices The Register - All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop's gateways over ...
1 year ago Go.theregister.com CVE-2024-21893 Hunters
Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887 CVE-2021-22893
Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887
Ivanti warns critical EPM bug lets hackers hijack enrolled devices - Ivanti fixed a critical remote code execution vulnerability in its Endpoint Management software that can let unauthenticated attackers hijack enrolled devices or the core server. Ivanti EPM helps manage client devices running a wide range of ...
1 year ago Bleepingcomputer.com CVE-2023-39366
Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
1 year ago Cysecurity.news CVE-2024-21893 CVE-2023-46805 CVE-2024-21887
Ivanti urges customers to patch yet another critical vulnerability - This vulnerability only affects a limited number of supported versions-Ivanti Connect Secure, Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read between the lines that there could be unsupported versions which will never see ...
1 year ago Malwarebytes.com CVE-2024-22024
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
11 months ago Bleepingcomputer.com CVE-2024-27834
Ivanti releases patches for 13 critical Avalanche RCE flaws - Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management solution. Avalanche allows admins to manage over 100,000 mobile devices from a single, central location ...
1 year ago Bleepingcomputer.com CVE-2023-32560 CVE-2023-35078
Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed - The vulnerability was recently exploited in the wild by a suspected China-nexus threat actor, affecting Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways. A detailed technical analysis has been published regarding ...
1 week ago Cybersecuritynews.com CVE-2025-22457
CISO Corner: CIO Convergence, 10 Critical Security Metrics, & Ivanti Fallout - Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Boards of directors don't care about a security program's minute technical details. With the US Securities and ...
1 year ago Darkreading.com
Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems - Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed ...
1 year ago Techrepublic.com CVE-2023-46805 CVE-2024-21887

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)