Ivanti has released security updates to address a critical vulnerability, CVE-2025-22457, in Connect Secure, Policy Secure, and ZTA Gateways. This vulnerability could allow a threat actor to take control of affected systems, prompting CISA to add it to the Known Exploited Vulnerabilities Catalog.

CISA urges users to implement specific actions, particularly for Ivanti Connect Secure instances not updated by February 28, 2025, and all Pulse Connect Secure (EoS), Policy Secure, and ZTA Gateways. These actions include conducting threat hunting using the external Integrity Checker Tool (ICT) and investigating systems connected to the affected Ivanti device.

If no compromise is found, a factory reset using a clean image is recommended for the highest level of confidence, followed by applying the provided patch.

If compromise is detected, affected instances should be isolated, forensic images taken, and relevant certificates, keys, and passwords should be revoked and reissued. Additionally, compromised domain accounts need password resets and token revocations, while affected cloud devices should be disabled. Organizations should report any incidents or anomalous activity to CISA and Ivanti immediately.

Patches for Ivanti ZTA Gateways and Ivanti Policy Secure will be available April 19 and 21, respectively, and disconnecting vulnerable devices until patches are available should be considered.
cisa.gov
