Security Advisory: CVE-2025-22457 – Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
A critical vulnerability, CVE-2025-22457, has been identified in Ivanti Connect Secure (ICS), Pulse Connect Secure (PCS), Ivanti Policy Secure, and ZTA Gateways. This stack-based buffer overflow allows remote, unauthenticated attackers to execute arbitrary code on affected devices. The flaw is being actively exploited by UNC5221, a suspected Chinese advanced persistent threat (APT) group, to deploy the custom malware families TRAILBLAZE and BRUSHFIRE, which facilitate persistent access and deep network intrusion.