Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances
securityweek
Ivanti on Thursday rushed out documentation for a critical flaw in its Connect Secure VPN appliances and confirmed a related Mandiant warning that a Chinese APT is actively exploiting the vulnerability.
The software defect, tagged as CVE-2025-22457 with a CVSS severity score of 9/10, was originally patched in February but was not properly documented because it was triaged as a denial-of-service “product bug.”
The company said it found out, via in-the-wild exploitation, that the issue was more than a software crash and actually exposed users to remote hacker attacks.
“Successful exploitation could lead to remote code execution,” Ivanti said in a new bulletin. The bug affects Ivanti Connect Secure versions 22.7R2.5 and earlier, as well as end-of-support Pulse Connect Secure 9.x.
“We are aware of a limited number of customers whose Ivanti Connect Secure (22.7R2.5 or earlier) and End-of-Support Pulse Connect Secure 9 ...