CISA Warns of Critical Auth Bypass in Network Thermostat X-Series

July 24, 2025 • César Daniel Barreto

CISA Issues Emergency Directive on Active Exploitation of Ivanti App VPN Vulnerabilities

WASHINGTON, Feb 2 (Reuters) – The U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive late Thursday warning that critical vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure VPN solutions are being actively exploited.

“We have confirmed that multiple threat actors—including known state-sponsored groups—are exploiting these vulnerabilities to gain access to both government and private sector networks,” CISA said, reporting two vulnerabilities under active exploitation: CVE-2023-46805 (Authentication Bypass Vulnerability) and CVE-2024-21887 (Command Injection Vulnerability).

Attackers are able to chain these flaws together to bypass authentication protections and run commands, giving them total control of the targeted VPN appliances. CISA then observed attacks in which the vulnerabilities were used to drop malicious payloads, steal credentials, and install persistence mechanisms on systems.

When and Where? CISA released a directive on February 2, 2024, following reports of recent attacks that go back to early January. Victims include U.S. government agencies and global enterprises. This is evidence of intrusion motivated by espionage.

Why does this matter? VPN appliances are high-value targets because successful exploitation can compromise remote access security. It enables attackers to bypass multi-factor authentication (MFA) and facilitates privileged lateral movement inside the network. CISA warns that unpatched systems are at extreme risk of compromise.

Official Guidance CISA has directed Federal Agencies:
1. To apply Ivanti’s mitigation patches immediately or disconnect vulnerable systems.
2. To assume compromise and carry out forensic investigations.
3. To monitor for IOCs listed in CISA’s advisory.

Ivanti released interim mitigations as it tried to work out final patches. The FBI and NSA are also involved in tracking threats against this vulnerability.

No specific hacker groups were publicly named in the advisory. Next Steps: Organizations are urged to review CISA’s Emergency Directive ED 24-02 and read Ivanti’s security updates. If they do not, massive breaches will occur, just as happened during the 2021 Pulse Secure VPN compromises.
