A Chinese Advanced Persistent Threat (APT) Group has successfully exploited critical vulnerabilities in Ivanti Connect Secure VPN appliances to infiltrate organizations across 12 countries and 20 industries, according to the Taiwan cybersecurity firm TeamT5. The campaign, active since late March 2025, exploits the stack-based buffer overflow flaws in CVE-2025-0282 and CVE-2025-22457, which have maximum CVSS (Common Vulnerability Scoring System) scores of 9.0, to deploy the SPAWNCHIMERA malware
cve-2025-0282 (2)
Another vulnerability impacting firewall products from Ivanti is being exploited by alleged China-based hackers. An Ivanti advisory released last week confirmed that a “limited number of customers” have been attacked through a bug impacting its Connect Secure, Policy Secure & ZTA Gateways tools, which are used by large organizations and government clients to keep malicious traffic out while allowing employees to have remote access to systems.
The next day, the US Cybersecurity and Infrastructu
