Incident Analysis
Ivanti Zero-Days Exploited by Nation-State Actors: CISA Emergency Directive Issued
CISA issued an emergency directive after Chinese-linked threat actors exploited critical zero-day vulnerabilities in Ivanti Connect Secure and Policy Secure VPN appliances. The vulnerabilities, CVE-2025-0282 (CVSS 9.0) and CVE-2025-0283, were used to deploy the SPAWN malware family for espionage. Over 1,700 government and critical infrastructure organizations were affected before patches were available. The incident reinforces the need to migrate from legacy VPN to Zero Trust Network Access architectures.
January 15, 2025 | Source: CISA
Zero-Day, Ivanti, VPN, CISA, Nation-State, Espionage, ZTNA