Ivanti has released emergency fixes for a stack-based buffer overflow vulnerability impacting its Connect Secure VPN appliances, tracked as CVE-2025-0282, which has been leveraged in ongoing remote network takeover intrusions, SC Media reports.
Attackers could hijack vulnerable Connect Secure VPN instances to facilitate the compromise of other systems and databases within targeted networks, according to Mandiant researchers, who tied some of the attacks to Chinese-linked cyberespionage operations while investigating the security issue.
"It's possible that multiple actors are responsible for the creation and deployment of these various code families (i.e. SPAWN, DRYHOOK, and PHASEJAM), but as of publishing this report, we don't have enough data to accurately assess the number of threat actors targeting CVE-2025-0282," said Mandiant.
Ivanti also patched another Connect Secure bug, tracked as CVE-2025-0283, which Mandiant said has not been actively exploited.