Ivanti has addressed a critical remote code execution flaw in Connect Secure, which has been exploited by a China-linked group since mid-March 2025.
The vulnerability, tracked as CVE-2025-22457, is a stack-based buffer overflow that allows unauthenticated remote code execution.
The flaw impacts Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA gateways. Ivanti has released security updates to address the vulnerability.
The China-linked group UNC5221 has been exploiting the vulnerability to deploy TRAILBLAZE, BRUSHFIRE, and SPAWN malware since March 2025.