Chinese APT Weaponizes Ivanti VPN Flaws (CVE-2025-0282, CVE-2025-22457) Against US, UK, AU Critical Infrastructure
A Chinese-nexus Advanced Persistent Threat (APT) launched a global infiltration campaign that was active as of late March 2025. The attack exploits two critical vulnerabilities in Ivanti Connect Secure VPN, CVE-2025-0282 and CVE-2025-22457. The threat actors are deploying malware identified as SPAWNCHIMERA and targeting critical sectors across at least 12 nations, including the United States, United Kingdom, Australia, Japan, and France.
The discussions show no disagreement; the sources largely repeat the underlying intelligence report. The consensus stresses the severity: both flaws are stack-based buffer overflows, with CVSS scores of up to 9.0. The scope is broad, reaching sectors from government and finance to telecommunications and education. The focus throughout is on the technical gravity of the exposure.
The reporting is unambiguous. The intelligence points to a sustained, sophisticated, and geographically wide-ranging campaign. The point of concern is not a difference of opinion but the remediation timeline: these critical flaws remain under active exploitation across multiple international jurisdictions.
Key Points
#1 Specific CVEs exploited in Ivanti VPN
The attacks leverage stack-based buffer overflow flaws: CVE-2025-0282 and CVE-2025-22457.
#2 The malware deployed
The specific malware suite associated with the campaign is named SPAWNCHIMERA.
#3 Geographic scale of the attack
Impacts are reported across a wide swath of nations, explicitly naming the US, UK, Australia, Japan, and France.
#4 Sectors targeted are broad
Critical infrastructure is affected across the Government, Financial Institutions, Telecommunications, Automotive, and Education sectors.
#5 Attribution and timing
The activity is attributed to a Chinese-nexus APT group and was active as of late March 2025.
Source Discussions (3)
This report was synthesized from the following Lemmy discussions, ranked by community score.