Ivanti VPNs at Risk

A critical stack-based buffer overflow (CVE-2025-22457) in Ivanti Connect Secure VPN is being actively exploited by China-linked actors, placing over 5,100 VPN instances at risk of remote code execution; many systems remain unpatched, Pulse Connect Secure 9.x is end-of-support, and CISA has added the flaw to its known exploited vulnerabilities catalog.