Suspected China-nexus threat actor actively exploiting critical Ivanti Connect Secure vulnerability (CVE-2025-22457)

Intel Name: Suspected China-nexus threat actor actively exploiting critical Ivanti Connect Secure vulnerability (CVE-2025-22457)

Date of Scan: April 4, 2025

Impact: Medium

Summary:
A suspected China-nexus threat actor tracked as UNC5221 is exploiting CVE-2025-22457, a critical stack-based buffer overflow in Ivanti Connect Secure VPN appliances (versions 22.7R2.5 and earlier). The flaw was initially assessed as a denial-of-service bug, but it allows unauthenticated remote code execution. Active exploitation was observed in mid-March 2025 and deployed previously unseen malware: TRAILBLAZE, an in-memory dropper, and BRUSHFIRE, a passive backdoor. Ivanti released the fix in February 2025 (Connect Secure 22.7R2.6) and urges customers to upgrade. Upgrading does not remove an implant that was already deployed, so any appliance that was exposed while running a vulnerable version should also be checked for compromise, not just patched.
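
The first practical step is fleet triage: decide which Connect Secure appliances still run an affected build. The following is an added example, not code from the original page, from Ivanti, or from Mandiant. It parses Ivanti's `MAJOR.MINOR R RELEASE[.PATCH]` version strings (e.g. `22.7R2.5`) and flags anything older than the fixed release. It assumes the advisory's boundary as stated above: 22.7R2.5 and earlier affected, 22.7R2.6 and later fixed, so older trains such as 22.6 or 9.1R18 are treated as affected too. The inventory it runs over is constructed for illustration; hostnames and versions are not real.

```python
import re
from dataclasses import dataclass

# Ivanti Connect Secure versions look like 22.7R2.5, 22.7R3, 9.1R18.9.
# The trailing ".PATCH" component is optional (22.7R3 == 22.7R3.0).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)


@dataclass(frozen=True, order=True)
class IcsVersion:
    """Ordered tuple of version components; order=True compares field by field."""
    major: int
    minor: int
    release: int
    patch: int

    @classmethod
    def parse(cls, text: str) -> "IcsVersion":
        m = VERSION_RE.match(text.strip())
        if not m:
            raise ValueError(f"unrecognised Ivanti Connect Secure version: {text!r}")
        major, minor, release, patch = m.groups()
        return cls(int(major), int(minor), int(release), int(patch or 0))

    def __str__(self) -> str:
        return f"{self.major}.{self.minor}R{self.release}.{self.patch}"


# First Connect Secure build that carries the fix for CVE-2025-22457.
FIXED_ICS = IcsVersion.parse("22.7R2.6")


def is_affected(version: str) -> bool:
    """True when the appliance runs 22.7R2.5 or anything earlier."""
    return IcsVersion.parse(version) < FIXED_ICS


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split an inventory {hostname: version} into affected / fixed / unparseable.

    Unparseable entries are reported rather than silently skipped: an
    appliance whose version cannot be read must be checked by hand, not
    assumed safe.
    """
    result: dict[str, list[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory.items():
        try:
            bucket = "affected" if is_affected(version) else "fixed"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    for bucket in result.values():
        bucket.sort()
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "vpn-ams-01": "22.7R2.5",   # last vulnerable build on the 22.7R2 train
    "vpn-ams-02": "22.7R2.6",   # fixed
    "vpn-fra-01": "22.7R1.3",   # older 22.7 release train, still vulnerable
    "vpn-sin-01": "22.7R3",     # newer train, not affected
    "vpn-lab-01": "9.1R18.9",   # end-of-life Pulse-era build, earlier than fix
    "vpn-lab-02": "n/a",        # version not collected; needs manual check
}


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:9s} {', '.join(hosts) or '-'}")
```

A clean version check only tells you which appliances still need the upgrade. Anything in the "affected" bucket that was reachable from the internet since mid-March should additionally be treated as possibly compromised: run Ivanti's Integrity Checker Tool and follow Ivanti's recovery guidance before trusting the device again, because an implant such as BRUSHFIRE survives a simple upgrade.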

More Details