Critical Security Alert: Severe Code Execution Flaws in Ivanti Products Demand Immediate Update

Critical Security Updates Released for Ivanti Products

Ivanti has issued security patches addressing multiple high-severity vulnerabilities in Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA). These flaws could enable arbitrary code execution.

Key Vulnerabilities:
– CVE-2024-38657 (CVSS 9.1): File name control vulnerability allowing arbitrary file writing
– CVE-2025-22467 (CVSS 9.9): Stack-based buffer overflow enabling remote code execution
– CVE-2024-10644 (CVSS 9.1): Code injection vulnerability leading to remote code execution
– CVE-2024-47908 (CVSS 9.1): Command injection flaw in admin web console

Updated Secure Versions:
– Ivanti Connect Secure: 22.7R2.6
– Ivanti Policy Secure: 22.7R1.3
– Ivanti CSA: 5.0.5
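
An inventory check against the fixed versions listed above, as an added example (not Ivanti tooling and not code from the original article). It assumes version strings follow the formats shown on this page and compare numerically per component; the hostnames and installed versions are constructed.

```python
import re

# Fixed releases as listed on this page.
FIXED = {
    "Ivanti Connect Secure": "22.7R2.6",
    "Ivanti Policy Secure": "22.7R1.3",
    "Ivanti CSA": "5.0.5",
}
# Constructed inventory for illustration; hostnames and versions are made up.
INVENTORY = [
    ("vpn-edge-01", "Ivanti Connect Secure", "22.7R2.5"),
    ("vpn-edge-02", "Ivanti Connect Secure", "22.7R2.6"),
    ("nac-01", "Ivanti Policy Secure", "22.7R1.2"),
    ("csa-01", "Ivanti CSA", "5.0.2"),
    ("vpn-lab", "Ivanti Connect Secure", "unknown-build"),
]

_R_FORMAT = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")
_DOTTED = re.compile(r"^\d+(?:\.\d+)*$")

def parse_version(text):
    """Comparable tuple for '22.7R2.6' or dotted versions; '22.7R2' gets patch 0."""
    text = text.strip()
    m = _R_FORMAT.match(text)
    if m:
        return tuple(int(g) if g else 0 for g in m.groups())
    if _DOTTED.match(text):
        return tuple(int(p) for p in text.split("."))
    raise ValueError(f"unrecognised version string: {text!r}")

def status(product, installed):
    """Classify one appliance as 'patched', 'needs-update' or 'unknown'."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown"
    try:
        have, want = parse_version(installed), parse_version(fixed)
    except ValueError:
        return "unknown"  # never report an unparseable version as patched
    if len(have) != len(want):
        return "unknown"  # different version scheme; needs manual review
    return "patched" if have >= want else "needs-update"

def audit(inventory):
    return {host: status(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host:12} {result}")
```

Components are compared as integers, so a release such as 22.7R10.1 sorts above 22.7R2.6, which a plain string comparison would get wrong.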

JPCERT/CC reported that CVE-2025-0282 was exploited to deliver SPAWNCHIMERA, an enhanced malware framework combining functions of SPAWNANT, SPAWNMOLE, and SPAWNSNAIL.

Ivanti’s CSO Daniel Spicer acknowledged that their edge products have been targeted by sophisticated threat actors, prompting enhanced security measures, including improved internal scanning and testing capabilities and becoming a CVE Numbering Authority.

Related Security Updates:
– SonicWall addressed CVE-2024-53704, affecting approximately 4,500 unpatched SSL VPN servers
– Fortinet patched FortiOS vulnerabilities (CVE-2024-46666, CVE-2024-46668) and addressed an authentication bypass issue (CVE-2025-24472)

Users are strongly advised to implement these security updates immediately to protect against potential exploits.
