Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
A critical security vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure VPN appliances has been actively exploited since mid-March 2025. The vulnerability allows remote code execution through a buffer overflow. Two new malware families, TRAILBLAZE and BRUSHFIRE, have been deployed along with the previously known SPAWN ecosystem. The suspected China-nexus espionage actor UNC5221 is believed to be behind the attacks. Post-exploitation activities include the use of a shell script dropper, deployment of various malware components, and attempts to evade detection by modifying the Integrity Checker Tool. Organizations are urged to immediately patch their systems and monitor for suspicious activity.
Pulse ID: 67ef85475bfef03602225985
Pulse Link: https://otx.alienvault.com/pulse/67ef85475bfef03602225985
Pulse Author: AlienVault
Created: 2025-04-04 07:07:51
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Go hack some more Ivanti shit. Someone else already has been.
sev:CRIT 9.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
https://nvd.nist.gov/vuln/detail/CVE-2025-22457
Edit to add:
We are aware of a limited number of customers whose Ivanti Connect Secure (22.7R2.5 or earlier) and End-of-Support Pulse Connect Secure 9.1x appliances have been exploited at the time of disclosure. Pulse Connect Secure 9.1x reached End-of-Support on December 31, 2024, and no longer receives code support or changes.
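The CVE description names a fixed release per product and the vendor note adds that Pulse Connect Secure 9.1x is end-of-support with no fix coming. The script below is an added example (not Ivanti's, AlienVault's or NVD's code) that parses Ivanti-style version strings such as 22.7R2.5 and triages an appliance inventory against those fixed versions; the hostnames and inventory rows are constructed sample data, and the "major.minorRrelease.patch" parsing rule is an assumption about the version format as it appears in the text above.

```python
"""Triage Ivanti appliance versions against the CVE-2025-22457 fixed releases.

Added example, not vendor code. Fixed versions are those stated in the CVE
description; the inventory below is constructed sample data.
"""
import re

# Product -> first fixed release, as stated in the CVE description above.
FIXED_VERSIONS = {
    "Ivanti Connect Secure": "22.7R2.6",
    "Ivanti Policy Secure": "22.7R1.4",
    "Ivanti ZTA Gateways": "22.8R2.2",
}

# Products the vendor note says are end-of-support and will not receive a fix.
END_OF_SUPPORT = {"Pulse Connect Secure"}

# Assumed format: major.minor R release [.patch], e.g. 22.7R2.5 or 9.1R18
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> tuple:
    """'22.7R2.5' -> (22, 7, 2, 5); a missing patch component counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_vulnerable(product: str, version: str) -> bool:
    """True when the installed version is below the product's fixed release."""
    if product not in FIXED_VERSIONS:
        raise KeyError(f"no fixed version known for {product!r}")
    return parse_version(version) < parse_version(FIXED_VERSIONS[product])


def triage(inventory) -> list:
    """Return (host, product, version, status) rows for (host, product, version) input."""
    rows = []
    for host, product, version in inventory:
        if product in END_OF_SUPPORT:
            status = "end-of-support, no fix: replace or isolate"
        else:
            try:
                status = "PATCH NOW" if is_vulnerable(product, version) else "fixed"
            except (ValueError, KeyError) as exc:
                status = f"unknown ({exc})"
        rows.append((host, product, version, status))
    return rows


# Constructed sample inventory (hostnames are made up).
SAMPLE_INVENTORY = [
    ("vpn-edge-1", "Ivanti Connect Secure", "22.7R2.5"),
    ("vpn-edge-2", "Ivanti Connect Secure", "22.7R2.6"),
    ("nac-1", "Ivanti Policy Secure", "22.7R1.3"),
    ("zta-gw-1", "Ivanti ZTA Gateways", "22.8R2.2"),
    ("legacy-vpn", "Pulse Connect Secure", "9.1R18"),
]

if __name__ == "__main__":
    for host, product, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:<12} {product:<24} {version:<10} {status}")
```

The comparison is a plain tuple comparison, so a version reported without a patch component (22.7R2) sorts below 22.7R2.6 and is flagged; that is the conservative outcome for a version string an operator has only partially recorded.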
In-the-wild activity targeting SonicWall, Zyxel, F5, Linksys, Zoho, and Ivanti. Surge on March 28. Full analysis: https://www.greynoise.io/blog/heightened-in-the-wild-activity-key-technologies
Ivanti Buffer Overflow Vulnerability has been Exploited by SPAWNCHIMERA Malware
Pulse ID: 67da802455b3521d966b389a
Pulse Link: https://otx.alienvault.com/pulse/67da802455b3521d966b389a
Pulse Author: cryptocti
Created: 2025-03-19 08:28:20
#UK domain giant #Nominet confirms #cybersecurity incident linked to #Ivanti #VPN hacks
#Hackers are #exploiting a new #Ivanti #VPN #security bug to #hack into company networks | TechCrunch
US software giant Ivanti has warned that a zero-day #vulnerability in its widely-used enterprise VPN appliance has been #exploited to compromise the networks of its corporate customers.
#privacy #exploit #zeroday
Shall we open up a poll, or betting contest about how many #Ivanti vulns we'll see in 2025?
#Ivanti has released software updates to address a critical vulnerability in its Cloud Services Appliance (CSA)
The vulnerability is tracked as CVE-2024-11639, and when exploited, allows an attacker to bypass authentication and gain administrative privileges
Administrators are advised to patch ASAP
Rapid7 is warning customers about several high-risk vulnerabilities in common enterprise technologies such as #Adobe Coldfusion, Broadcom #VMware, and #Ivanti Endpoint Manager. https://www.rapid7.com/blog/post/2024/09/19/etr-high-risk-vulnerabilities-in-common-enterprise-technologies/
MITRE disclosed that one of their research and development networks was compromised by a foreign nation-state threat actor in January 2024 using Ivanti Connect Secure zero-days CVE-2023-46805 and CVE-2024-21887. Networked Experimentation, Research, and Virtualization Environment (NERVE) is a collaborative network used for research, development, and prototyping. MITRE included a timeline, observed TTP methods (mapped out to MITRE ATT&CK techniques cc: @howelloneill) and their incident response actions. No IOC provided. https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks and https://medium.com/mitre-engenuity/advanced-cyber-threats-impact-even-the-most-prepared-56444e980dc8 h/t @reverseics
Tenable has published additional details about CVE-2024-29204 (9.8 critical, disclosed 16 April 2024 by Ivanti) and how it can be exploited by sending messages to Avalanche’s WLAvalancheService.exe on TCP port 1777. This includes a Proof of Concept. https://www.tenable.com/security/research/tra-2024-10
Happy #PatchTuesday from Ivanti. Security Update for Ivanti Avalanche 6.4.3 addresses a whopping 27 vulnerabilities with CVE-2024-29204 (heap overflow to remote code execution) being a 9.8 critical. No mention of exploitation. https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US and blog post https://www.ivanti.com/blog/security-update-for-ivanti-avalanche