{"id":7540,"date":"2025-04-14T05:00:00","date_gmt":"2025-04-14T10:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84160"},"modified":"2025-04-14T05:00:00","modified_gmt":"2025-04-14T10:00:00","slug":"is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/04\/14\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices\/","title":{"rendered":"Is Ivanti the problem or a symptom of a systemic issue with network devices?"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Is Ivanti the problem or a symptom of a systemic issue with network devices? | CyberScoop<\/title> <meta name=\"description\" content=\"Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That\u2019s more than any other vendor in the network edge device space.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ivanti-exploited-vulnerabilities-network-edge-devices-kev-list\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Is Ivanti the problem or a symptom of a systemic issue with network devices?\"> <meta property=\"og:description\" content=\"Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. 
That\u2019s more than any other vendor in the network edge device space.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ivanti-exploited-vulnerabilities-network-edge-devices-kev-list\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-04-14T10:00:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg\"> <meta property=\"og:image:width\" content=\"3000\"> <meta property=\"og:image:height\" content=\"2000\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\"> <!-- \/ Yoast SEO Premium plugin. 
--> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1742994400g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1744125154g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84160\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84160\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fivanti-exploited-vulnerabilities-network-edge-devices-kev-list%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" 
href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fivanti-exploited-vulnerabilities-network-edge-devices-kev-list%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-84160 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ivanti-exploited-vulnerabilities-network-edge-devices-kev-list\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> 
<\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \">\n<div class=\"single-article__header-content\" readability=\"30.555555555556\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/ivanti-exploited-vulnerabilities-network-edge-devices-kev-list\/\"> <span>Technology<\/span> <\/a> <\/li>\n<\/ul>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84160\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. 
<\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg 3000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg?resize=506,337 506w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar \/ Alamy Stock Photo) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"143.40822959889\"><body readability=\"294.78105294031\"><\/p>\n<p>Network edge devices \u2014 hardware that powers firewalls, VPNs and network routers \u2014 have quickly moved up the list of attackers\u2019 preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular \u2014 Ivanti \u2014 have confronted exploited vulnerabilities in their products more than any other vendor in this space since the start of last year.<\/p>\n<p>Ivanti appears in the Cybersecurity and Infrastructure Security Agency\u2019s <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">known exploited vulnerabilities (KEV) catalog<\/a> more than any other firewall, VPN or router vendor over the past 16 months. Cyber authorities confirm that attackers exploited five vulnerabilities in Ivanti products so far this year, and 16 total since the beginning of 2024.<\/p>\n<p>Ivanti is far from the only network device vendor targeted by cybercriminals. Competitors with much larger market shares have also seen their customers put at risk through exploited vulnerabilities in their products, but not as consistently as Ivanti. Palo Alto Networks has 10 vulnerabilities on CISA\u2019s catalog of software defects exploited in the wild since 2024. 
Cisco has eight vulnerabilities listed during that period, and Fortinet has six.<\/p>\n<p>CyberScoop recently spoke with experts to determine whether Ivanti\u2019s problem is specific to the company itself, or a microcosm of a technology that is inherently a rich target for adversaries, no matter the brand.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Many industry analysts, incident response specialists and vulnerability researchers declined to criticize Ivanti for the number of vulnerabilities attackers have exploited in the vendor\u2019s products. Yet, data show that Ivanti is a repeat offender in shipping products with a high number of vulnerabilities, with other experts ranking the vendor among the most problematic and risky for customers.<\/p>\n<p>Ivanti told CyberScoop that it emphasizes releasing as much information as possible as vulnerabilities are discovered, and it is committed to <a href=\"https:\/\/cyberscoop.com\/tag\/secure-by-design-2\/\">secure-by-design<\/a> principles. It also pointed out that many attacks targeting its products are conducted after a flaw has been disclosed and patches have been issued.<\/p>\n<p>\u201cIvanti views transparency and proactive vulnerability management as fundamental to trust and security. CISA has clearly indicated that the expectation for companies such as Ivanti that have applied secure-by-design principles is that the number of CVEs will logically increase,\u201d a spokesperson for Ivanti said in a statement.<\/p>\n<p>\u201cIt is also important to acknowledge that many CVEs included in the KEV, including the majority of those attributed to Ivanti, are not zero-day vulnerabilities, but rather n-days that were disclosed and patched prior to exploitation,\u201d the spokesperson continued. 
\u201cThey were added to the KEV only after threat actors reverse-engineered the patch to target customers who had not yet applied the patch or were using end-of-life systems.\u201d<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-excess-vulnerabilities-engender-criticism\">Excess vulnerabilities engender criticism<\/h5>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>CISA\u2019s KEV list isn\u2019t the only indication that Ivanti has vulnerability issues. Recent comprehensive industry analyses have positioned Ivanti among the most vulnerable technology vendors in the marketplace, which raises significant concerns for any organization relying on its products.&nbsp;<\/p>\n<p>Cybersecurity insurance firm Coalition recently evaluated more than 7,000 technology vendors of all types and weighted their exploitability and risk by cross-referencing all vulnerabilities in the National Institute of Standards and Technology\u2019s National Vulnerability Database, and every vendor in NIST\u2019s Common Platform Enumeration dictionary.<\/p>\n<p>\u201cIn our research, we found 201 vulnerabilities within Ivanti\u2019s products, leading our team to list them as No. 10 on our <a href=\"https:\/\/rtr.coalitioninc.com\/\">Risky Tech Ranking<\/a> list,\u201d said Tiago Henriques, chief underwriting officer at Coalition. \u201cThis makes them one of the most vulnerable vendors when weighted by their exploitability.\u201d<\/p>\n<p>Coalition assigned risk scores to vendors by weighting each vulnerability in their products or services based on the probability of exploitation. Vendors with more products typically received a higher risk score. Tech giants Microsoft, Google and Apple are at the top of Coalition\u2019s list of the riskiest tech vendors.<\/p>\n<p>\u201cWith Ivanti recently landing in the top 10 of our Risky Tech Ranking, we are soundly raising the alarm,\u201d Henriques said. 
\u201cWe strongly encourage companies to review our ranking as they make decisions about the technology they adopt and \u2014 if they are a current user of any of these technologies \u2014 ensure they have stringent patching processes in place.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Ivanti disputes the methodology and conclusions drawn from Coalition\u2019s report. \u201cThis list punishes vendors for being transparent, and that is bad for the industry,\u201d a spokesperson for Ivanti said. \u201cThe call to action for the industry should be more transparency, not less.\u201d<\/p>\n<p>VulnCheck, a threat intelligence firm that maintains a <a href=\"https:\/\/vulncheck.com\/blog\/comparing-kevs-jupyter\">known exploited vulnerabilities catalog<\/a> much larger than CISA\u2019s, determined Ivanti had the third-highest number of vulnerabilities among all vendors in 2024.<\/p>\n<p>\u201cA very reasonable conclusion is that Ivanti products simply have more vulnerabilities in them,\u201d said VulnCheck CTO Jacob Baines. \u201cThat could be due to internal software practices, or it could be the result of building on top of legacy software acquired through other companies where perhaps the security hygiene across all versions wasn\u2019t prioritized.\u201d<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-researchers-commend-ivanti-s-disclosure-practices\">Researchers commend Ivanti\u2019s disclosure practices<\/h5>\n<p>The transparency Ivanti referenced with regard to Coalition\u2019s report has been well received by other industry experts.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Mandiant Consulting CTO Charles Carmakal told CyberScoop there is a skewed perception regarding how often Ivanti is targeted compared to other companies. 
He underscored Ivanti\u2019s proactive approach, noting that from his perspective, \u201cthey do a really good job of sharing threat intelligence about active exploitation, which many other companies don\u2019t do a lot of times.\u201d Ivanti has collaborated with Carmakal and Mandiant on incident response and research since 2021.<\/p>\n<p>Experts also emphasized that the exploitation of network edge devices is not exclusive to Ivanti. As endpoint security has matured, advanced threat actors have increasingly targeted edge devices, which typically do not support endpoint detection and response (EDR) solutions. These devices often occupy elevated positions within enterprise networks.<\/p>\n<p>\u201cDetecting and remediating this type of compromise requires a significant level of expertise, and even when security solutions are in place, the threat actors are attempting to disable or remove these security solutions to create blind spots,\u201d Carmakal explained.<\/p>\n<p>Caitlin Condon, director of vulnerability intelligence at Rapid7, argued that the number of exploited vulnerabilities assigned to a vendor is not a nuanced measure of their risk or commitment to security.<\/p>\n<p>\u201cWe want to be judging vendors primarily by their response to major incidents and not necessarily by the vulnerabilities that exist in their technology,\u201d she stated.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Rapid7 focuses on vulnerabilities that lead to widespread compromises, which often originate from defects in popular products by Palo Alto Networks, Fortinet, and Citrix.&nbsp;<\/p>\n<p>Condon cautioned against assuming that a vulnerability on the KEV list automatically leads to large-scale incidents, as other threats are exploited more frequently and extensively.<\/p>\n<p>\u201cJust because a vulnerability is on KEV doesn\u2019t mean it\u2019s automatically driving 
broad-scale incidents,\u201d she said. \u201cWe see other things that are being exploited much more frequently and at scale.\u201d<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-why-ivanti-outpaces-larger-competitors-on-exploited-defects\">Why Ivanti outpaces larger competitors on exploited defects<\/h5>\n<p>Despite the focus of attackers on network edge devices, Ivanti continues to face consistent and recurring problems with actively exploited software defects. The root cause of those flaws, and why these vulnerabilities are discovered in Ivanti products more often compared to competitors, varies widely.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Security experts said one explanation is that researchers \u2014 both within and outside Ivanti \u2014 are putting more attention on the company\u2019s products and finding more actively exploited vulnerabilities as a result.<\/p>\n<p>\u201cHaving vulnerabilities is normal, and popular technology is a common target for vulnerability researchers,\u201d Condon said. \u201cThere\u2019s also an amplification effect at play \u2014 when a high-profile vulnerability winds up on KEV, you can be sure that additional researchers are going to start looking for more hot vulnerabilities in that code base.\u201d<\/p>\n<p>Researchers also note that Ivanti products are used by organizations that attackers like to target, which also affects other vendors with larger market shares in the network edge device sector.<\/p>\n<p>The most high-profile and potentially damaging attack linked to an exploited Ivanti vulnerability involved CISA itself. 
The federal agency responsible for overseeing the cybersecurity posture of the federal government was impacted in January 2024 by a pair of widely exploited zero-day vulnerabilities in <a href=\"https:\/\/cyberscoop.com\/ivanti-linked-breach-of-cisa-potentially-affected-more-than-100000-individuals\/\">Ivanti products it used at the time<\/a>.<\/p>\n<p>Attackers breached CISA\u2019s Chemical Security Assessment Tool and the CISA Gateway, tools the agency maintained to help secure critical infrastructure. After the attack occurred, but before CISA disclosed it, the agency revised a previously released emergency directive requiring all federal agencies to <a href=\"https:\/\/cyberscoop.com\/ivanti-connect-secure-china\/\">disconnect all instances of the impacted Ivanti products<\/a> from their networks.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>CISA officials later said they couldn\u2019t rule out the possibility that chemical facilities\u2019 data was stolen during the attack, and notified organizations representing more than 100,000 people of potential exposure.<\/p>\n<p>The talent and motivations of groups behind these attacks on Ivanti products \u2014 often China state-backed espionage groups \u2014 are additional factors at play.&nbsp;<\/p>\n<p>\u201cWe just see such a high velocity of vulnerability research and exploit development coming out of China that\u2019s used for espionage purposes, and it\u2019s used by multiple groups,\u201d Carmakal said. 
\u201cWe\u2019re going to continue to see this, and it\u2019s not going to be limited to Ivanti.\u201d<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-patterns-in-ivanti-linked-attacks\">Patterns in Ivanti-linked attacks<\/h5>\n<p>The <a href=\"https:\/\/cyberscoop.com\/china-espionage-group-ivanti-vulnerability-exploits\/\">most recently disclosed vulnerability<\/a> affecting Ivanti\u2019s VPN products, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457\">CVE-2025-22457<\/a>, has been exploited by a China-nexus espionage group since mid-March. The threat group, which Google Threat Intelligence Group tracks as UNC5221, has repeatedly attacked Ivanti customers since 2023. UNC5221 previously exploited zero-day vulnerabilities disclosed in Ivanti products in 2023, 2024 and earlier this year.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cPretty much every VPN solution continues to publish CVEs that are exploited in the wild, and that are generally exploited initially, first as a zero-day, and then they\u2019re all exploited, to some extent, as an n-day vulnerability,\u201d Carmakal said. \u201cThis most recent vulnerability was very complex to exploit. This was not an easy, trivial vulnerability.\u201d<\/p>\n<p>Ivanti released a patch for CVE-2025-22457 in Ivanti Connect Secure on Feb. 11, but didn\u2019t publicly disclose the vulnerability until April 3. 
Shadowserver scans found more than <a href=\"https:\/\/dashboard.shadowserver.org\/statistics\/combined\/map\/?map_type=std&amp;day=2025-04-06&amp;source=http_vulnerable&amp;source=http_vulnerable6&amp;tag=cve-2025-22457%2B&amp;geo=all&amp;data_set=count&amp;scale=log\">5,000 unpatched instances<\/a> of Ivanti Connect Secure three days later.<\/p>\n<p>Mandiant researchers said they don\u2019t know how many organizations are impacted by CVE-2025-22457 exploits, but discovered victims across multiple industries, including government, defense and technology.<\/p>\n<p>Katell Thielemann, VP analyst at Gartner, said the burden customers confront when dealing with vulnerabilities at large continues to grow in scope and costs.<\/p>\n<p>\u201cThe best angle would be to make sure vulnerabilities are not included in the first place, either by using secure-by-design or cyber-informed engineering principles \u2014 but market forces need to put the pressure on producers to adopt them, and for the moment they do not,\u201d she said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Ivanti has improved the security of its products through multiple measures since it signed <a href=\"https:\/\/cyberscoop.com\/cisa-secure-by-design-commitments-tech-companies\/\">CISA\u2019s secure-by-design pledge<\/a> last year, Daniel Spicer, the company\u2019s chief security officer, said in a <a href=\"https:\/\/www.ivanti.com\/blog\/an-update-on-ivantis-ongoing-commitment-to-enhanced-product-security\">blog post<\/a> released in February.<\/p>\n<p>Ivanti\u2019s product development process includes more robust threat modeling and vulnerability assessments, a security team that has grown eight-fold since 2021 and multifactor authentication enabled by default, Spicer said.<\/p>\n<p>\u201cAggressive state-sponsored attacks on edge devices are a widespread and well-documented industry challenge, and not 
unique to Ivanti,\u201d a company spokesperson said.&nbsp;<\/p>\n<p>\u201cIn response to this threat, Ivanti has established a comprehensive security program including meaningful investments in specialized talent, processes, and partnerships, as well as collaboration on relevant threat intelligence and customer-centric tools like the Integrity Checker Tool and remote forensic capabilities that provide increased and timely visibility into customer environments.\u201d<\/p>\n<p>While some experts place fault for the regularity of exploited Ivanti vulnerabilities with the vendor, others laud the company for its efforts to improve and view the challenges Ivanti and its customers are confronting as an industrywide phenomenon.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cTo me, it\u2019s less of a vendor issue. It\u2019s more of an adversary issue,\u201d Carmakal said.&nbsp;<\/p>\n<p>\u201cThe frequency and aggressive tempo of these attacks highlights the severity and sophistication of the threat actors,\u201d he added, \u201cand we should be careful to not quickly attribute this as shortcomings in the impacted vendors.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.3020706455542\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/is-ivanti-the-problem-or-a-symptom-of-a-systemic-issue-with-network-devices-1.jpg?w=640&#038;ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. 
The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" 
class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/ivanti-exploited-vulnerabilities-network-edge-devices-kev-list\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Is Ivanti the problem or a symptom of a systemic<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,1209,1764,4133,4134,1765,282,78,452,2182,624,2659,3119,3297,917,4135,3729,1394,1766,646,1767,927,715,3353,256,2815,310,288,3542,4136,643,703,1170],"tags":[277,668,1769,4137,4138,1770,286,86,454,2185,629,2661,3120,3298,921,4139,3731,1395,1771,650,1772,929,720,3357,262,2822,311,294,3545,4140,645,705,1171],"class_list":["post-7540","post","type-post","status-publish","format-standard","hentry","category-china","category-cisa","category-cisco","category-citrix","category-coalition","category-cve","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-edge-devices","category-espionage","category-exploit","category-firewall","category-firewalls","category-fortinet","category-gartner","category-google-threat-intelligence-group","category-ivanti","category-known-exploited-vulnerabilities-kev","category-mandiant","category-national-vulnerability-database","category-nist","category-palo-alto-networks","category-rapid7","category-research","category-routers","category-technology","category-threats","category-virtual-private-network-vpn","category-vulncheck","category-vulnerabilities","category-vulnerability-disclosure","category-zero-days","tag-china
","tag-cisa","tag-cisco","tag-citrix","tag-coalition","tag-cve","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-edge-devices","tag-espionage","tag-exploit","tag-firewall","tag-firewalls","tag-fortinet","tag-gartner","tag-google-threat-intelligence-group","tag-ivanti","tag-known-exploited-vulnerabilities-kev","tag-mandiant","tag-national-vulnerability-database","tag-nist","tag-palo-alto-networks","tag-rapid7","tag-research","tag-routers","tag-technology","tag-threats","tag-virtual-private-network-vpn","tag-vulncheck","tag-vulnerabilities","tag-vulnerability-disclosure","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisco\/\" rel=\"category tag\">Cisco<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/citrix\/\" rel=\"category tag\">Citrix<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/coalition\/\" rel=\"category tag\">Coalition<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cve\/\" rel=\"category tag\">CVE<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/edge-devices\/\" rel=\"category tag\">edge devices<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/espionage\/\" rel=\"category tag\">espionage<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploit\/\" rel=\"category tag\">exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewall\/\" rel=\"category tag\">firewall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewalls\/\" rel=\"category tag\">firewalls<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fortinet\/\" rel=\"category tag\">Fortinet<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/gartner\/\" rel=\"category tag\">Gartner<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ivanti\/\" rel=\"category tag\">Ivanti<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/known-exploited-vulnerabilities-kev\/\" rel=\"category tag\">known exploited vulnerabilities (KEV)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-vulnerability-database\/\" rel=\"category tag\">National Vulnerability Database<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nist\/\" rel=\"category tag\">NIST<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/palo-alto-networks\/\" rel=\"category tag\">Palo Alto Networks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/rapid7\/\" rel=\"category tag\">Rapid7<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/routers\/\" rel=\"category tag\">routers<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/virtual-private-network-vpn\/\" rel=\"category tag\">virtual private network (VPN)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulncheck\/\" rel=\"category tag\">VulnCheck<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7540"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7540\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":tr
ue}]}}