Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

July 18, 2025 invoker category_news

Security Update News

Update Information

Title Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks
Update ID THN:CC21BBE395A5745EC1C2B9ADB56A8739
Type thn
Published 2025-07-18T18:13:00
Last Updated 2025-07-18T18:13:25

Security Impact

CVSS Score 9.8
Severity CRITICAL

AI Analysis

AI Description The vulnerabilities CVE-2025-0282 and CVE-2025-22457 in Ivanti Connect Secure are being exploited to deploy MDifyLoader, which launches Cobalt Strike in memory. These zero-day exploits were used in attacks between December 2024 and July 2025.
AI Severity Critical
AI Vendor Ivanti
AI Product Ivanti Connect Secure
AI Version Version information not provided

Affected CVEs

  • CVE-2025-0282
  • CVE-2025-22457

Update Details

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.