Rapid7 Discloses RCE Vulnerability in Ivanti VPN Appliance After Silent Patch

Tags: Incident Response, Malware & Threats, Vulnerabilities, Connect Secure, CVE-2025-22457, Ivanti, Mandiant, Rapid7, VPN

Rapid7 has revealed a remote code execution (RCE) vulnerability in the Ivanti VPN appliance, identified as CVE-2025-22457. This flaw has already been exploited by a Chinese hacker group known for targeting edge network devices. The vulnerability was silently patched by Ivanti, leading to criticism regarding the transparency of patch management.