Mandiant links Ivanti zero-day exploitation to Chinese hackers
searchsecurity.techtarget.com
Mandiant warned users to "be prepared for widespread exploitation" of CVE-2025-0282 as Ivanti products have become a popular target for attackers in recent years.
- Arielle Waldman, News Writer
Mandiant connected the recent zero-day attacks against Ivanti Connect Secure VPN appliances to UNC5337, the same China-nexus threat actor that was tied to the exploitation of two Ivanti zero-day flaws one year ago.
In a blog post published on Wednesday, Mandiant detailed an attack campaign involving a zero-day vulnerability, tracked as CVE-2025-0282, discovered in Ivanti Connect Secure (ICS), Ivanti Policy and ZTA Gateways. Ivanti disclosed the flaw on Wednesday and warned users that it was being exploited in the wild. Patches are available and users are urged to apply fixes as Ivanti products have proven to be a popular target for attackers.
Mandiant said it initially observed exploitation activity for CVE-2025-0282 beginning in mid-December. After analyzing ...
Copyright of this story solely belongs to searchsecurity.techtarget.com.