Home » CISA Adds Cisco ISE, PaperCut Vulnerabilities to KEV Catalog

CISA Adds Cisco ISE, PaperCut Vulnerabilities to KEV Catalog

July 28, 2025 • César Daniel Barreto

The U.S. Cybersecurity and Infrastructure Security Agency has confirmed that attackers leveraged vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure products to infiltrate both federal and private sector networks. These are critical vulnerabilities currently being actively exploited and hence warned about through an emergency directive.

On February 2, 2024, the CISA published an alert referencing vulnerability CVE-2023-46805 as well as CVE-2024-21887 in popular VPN and network access control solutions from Ivanti. Threat actors are able to bypass authentication and run arbitrary commands on systems they target, thus gaining persistent access to the systems.

The agency reports there have been several instances where web shells and malware were used by attackers inside a compromised network to retain control. Federal agencies, critical infrastructure operators, and private organizations are affected.

Immediate vulnerability exists for those utilizing versions 9.x and 22.x of Ivanti Connect Secure or Policy Secure. CISA has required all federal agencies to ensure patching or mitigation measures are applied by February 9, 2024, and recommends that private sector entities do the same.

The first exploitation attempts were noticed in early January 2024 with attacks multiplying towards the end of January. Victims include government, defense, and financial services sectors; however, CISA has not disclosed specific affected entities as that information is not public.

These vulnerabilities permit unauthenticated remote attackers to gain total control of impacted systems, thereby posing significant threats to both data integrity and national security. CISA’s directive highlights the level of urgency since the flaws are being weaponized in attacks even before organizations have time to patch them.

CISA has listed some steps for mitigation which involve applying Ivanti’s patches isolating affected devices, and carrying out forensic analysis for any evidence of compromise. The agency also recommended continuous vigilance for any unusual activity on the network.

The FBI and NSA are assisting CISA in tracking this threat, however, a specific threat actor has not yet been publicly attributed. Organizations must act now to stop this breach from getting any worse.

author avatar

César Daniel Barreto

César Daniel Barreto is an esteemed cybersecurity writer and expert, known for his in-depth knowledge and ability to simplify complex cyber security topics. With extensive experience in network security and data protection, he regularly contributes insightful articles and analysis on the latest cybersecurity trends, educating both professionals and the public.

Featured Posts

  1. How to Protect Critical Infrastructure from Supply Chain Exploits at Runtime
  2. Critical Cyber Alert: Foreign Threat Actor Targets Organizations with Malicious RDP Attachments
  3. Secure Wallet Practices for New Token Investments: Protecting Your Digital Assets
  4. Data Analysis For Fraud Detection News
  5. Outlook Data File Corruption: Causes, Prevention, and Recovery
  6. What is a Data Custodian and Why They Matter
  7. How to Introduce Monitoring Software to Your Team Without Causing a Revolt
  8. Influencers Leaked: A Rising Danger to Online Safety
  9. Privacy and security as main characteristics of the Blockchain: Part 1
  10. Advances in Data Privacy Laws in 2023
  11. In-Depth Exploration of State Sponsored Malware
  12. Android Malware Can Steal Financial Data

Stay on top of the latest cyber & technology trends.

©2025 securitybriefing - All rights reserved.