<ul><li>U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog.</li><li>CISA added an Apache Tomcat path equivalence vulnerability (CVE-2025-22457) to its catalog of vulnerabilities.</li><li>The vulnerability allows remote unauthenticated remote code execution and has been exploited by a China-linked threat actor since mid-March 2025.</li><li>Ivanti released security updates to address the vulnerability and urges affected users to update to the latest version.</li></ul>

U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

Discover more