More than 5,000 Ivanti Connect Secure devices remain exposed to a high-risk remote code execution (RCE) vulnerability, CVE-2025-22457, according to data from the Shadowserver Foundation.
This flaw, caused by a stack-based buffer overflow, allows unauthenticated attackers to remotely execute arbitrary code on affected systems. It has already been actively exploited in the wild, raising concerns across the cybersecurity community.
Exploitation in the Wild
As of April 6, 2025, the Shadowserver Foundation reported that 5,113 Ivanti Connect Secure devices are still unpatched and vulnerable to a critical remote code execution (RCE) flaw—CVE-2025-22457.
This serious vulnerability allows attackers to take full control of affected devices without needing a password. Due to its severity, it has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, highlighting the urgent need for organizations to take action.
Attackers can use this flaw to steal data, install ransomware, or create persistent backdoors into networks.
Shadowserver’s scan data shows these vulnerable devices are spread across both the IPv4 and IPv6 address spaces, with high concentrations in North America, Europe, and Asia.
Ivanti first disclosed the issue in March 2025 and released patches to fix it. However, many organizations have yet to update, leaving them open to attack.
Recommendations
- Apply Ivanti’s patch immediately if you’re using Connect Secure.
- Check access logs for any unusual activity that could indicate compromise.
- Scan your infrastructure to make sure no vulnerable devices are exposed online.
Experts stress that unpatched systems are actively being targeted. Delays in applying security updates can lead to serious consequences, including breaches, downtime, and regulatory issues.
This situation is a clear reminder of how crucial timely patching and proactive cybersecurity practices are in today’s threat landscape.