Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years
theregister.co.uk

Suspected Chinese government spies have been exploiting a newly disclosed critical bug in Ivanti VPN appliances since mid-March. This is now at least the third time in three years these snoops have been pwning these products.
Plus, post-exploit, the Beijing-backed crew deployed on compromised Ivanti equipment two new malware strains along with variants of the Spawn software nasty, we're told.
Ivanti today detailed the under-attack 9.0-out-of-10-severity vulnerability, tracked as CVE-2025-22457, and said it affects Ivanti Connect Secure (version 22.7R2.5 and earlier), Pulse Connect Secure 9.x (end-of-support as of December 31), Ivanti Policy Secure, and ZTA gateways.
The alert comes just days after the US government warned a new form of Spawn was being used in attacks exploiting an earlier Ivanti zero-day, this one tracked as CVE-2025-0282, in these same products.
The new critical bug, CVE-2025-22457, is a stack-based buffer overflow flaw that can lead to ...
Copyright of this story solely belongs to theregister.co.uk.