Ivanti Patches Critical Remote Code Execution Flaw in Connect Secure

Ivanti has fixed a critical remote code execution vulnerability in Connect Secure, which has been exploited since at least mid-March 2025. The vulnerability, referenced under the number CVE-2025-22457, was exploited by a China-linked threat group, UNC5221. Ivanti has released security updates to address this vulnerability. The company has not disclosed further details about the exploitation of this flaw.