CISA Alert: Critical Flaw in Güralp FMUS Seismic Devices (CVE-2025-8286)
July 31, 2025 • César Daniel Barreto

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive in response to active exploitation of vulnerabilities in the Connect Secure and Policy Secure product lines from Ivanti. The agency confirmed that malicious attackers are now actively using the flaws to infiltrate networks, then extract sensitive data, and finally implant malware.

What Happened?

The directive responds to two security vulnerabilities being actively exploited in the wild: an authentication bypass vulnerability, CVE-2023-46805, and a command injection vulnerability, CVE-2024-21887. The affected products are Ivanti's VPN and network access control solutions, which are heavily used by both public agencies and private enterprises, exposing them to cyber risk.

Attackers can bypass authentication, execute arbitrary commands, and gain persistent access to the compromised systems. Organizations using Ivanti Connect Secure (ICS) 9.x and 22.x, as well as Ivanti Policy Secure, are at direct risk. Federal agencies have been ordered to disconnect affected devices until patches are available.

The order includes private sector entities, financial institutions, and health care providers. CISA first observed exploitation attempts at the beginning of January 2024; by mid-month, CISA had confirmed widespread attacks. Both U.S.-based and international organizations have been caught up in the attacks; specific victims were not revealed.

What Should Organizations Do?

CISA ordered federal agencies to:

1. Remove affected Ivanti devices from their network at once.
2. Install the most recent patches provided by Ivanti.
3. Run threat hunting to check whether they have been compromised.

Private organizations are also strongly urged to take parallel actions.

Ivanti has already released mitigation guidance, but some versions are still waiting for full patches.

Official Statements

– Jen Easterly, CISA Director, explained it thus: “These vulnerabilities put federal systems at an unacceptable risk that must be mitigated with urgent action.”
– Ivanti acknowledged the problem and asked customers to apply temporary mitigations while waiting for the final fixes.

Reportedly, the FBI is helping with investigations, though no public attribution has yet been made. CISA’s directive underscores the urgency of fixing these flaws before more harm is done.

Next Steps

Organizations should keep an eye on updates from CISA and Ivanti for any further steps they might need to take.
