Home » CISA Warns of DLL Hijacking Flaw in Mitsubishi CNC Software (CVE-2016-2542)

CISA Warns of DLL Hijacking Flaw in Mitsubishi CNC Software (CVE-2016-2542)

July 25, 2025 • César Daniel Barreto

The U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive against vulnerabilities being actively exploited in the products of Ivanti Connect Secure and Ivanti Policy Secure.

The federal agency confirmed that flaws are currently being leveraged by threat actors to infiltrate both federal and private sector networks.

In its warning, CISA highlighted that two vulnerabilities—the authentication bypass vulnerability CVE-2023-46805 and a command injection vulnerability CVE-2024-21887 are being exploited in the wild currently against broadly deployed VPN and network access control solutions made by Ivanti. Attackers can bypass authentication and execute malicious commands on systems they have unauthorized access to.

Who does it concern? Federal agencies, critical infrastructure operators, and enterprises that are users of Ivanti Connect Secure (previously operating under the name Pulse Secure) or Ivanti Policy Secure. CISA has gotten all federal civilian agencies to make sure mitigations are applied by February 5, 2024, and an exhaustive check of their networks for any present indicators of compromise.

When and Where. Exploitation was discovered in early January 2024, with intensified attacks in recent weeks. The victim pool encompasses a broad cross-section of industries—government, defense, and financial services included.

Specific targets in the U.S. or overseas have not been revealed by CISA; however, incidents were confirmed both domestically and internationally.

Exploitation paths discussed above lead to credential theft as well as malware execution followed by its persistence being maintained on a network. Unpatched systems are open to massive breaches if advanced persistent threats have their way. According to CISA warnings echoing Mandiant concerns, current campaigns are attributed to Chinese state-backed threat activity.

CISA urges organizations to: Apply Ivanti’s patches immediately. Disconnect compromised devices. Follow incident response steps outlined in its alert, Emergency Directive 24-01.

The FBI is assisting in investigations, while Ivanti has released mitigation tools for customers awaiting full patches. For ongoing updates, CISA directs organizations to its advisory at www.cisa.gov.

author avatar

César Daniel Barreto

César Daniel Barreto is an esteemed cybersecurity writer and expert, known for his in-depth knowledge and ability to simplify complex cyber security topics. With extensive experience in network security and data protection, he regularly contributes insightful articles and analysis on the latest cybersecurity trends, educating both professionals and the public.

Featured Posts

  1. Influencers Leaked: A Rising Danger to Online Safety
  2. The Price of Convenience: How Free Services Monetize Your Data
  3. The TikTok Dilemma: Balancing Entertainment 
  4. What is a Data Custodian and Why They Matter
  5. Top Cybersecurity Threats for Tech Companies in 2025
  6. Cryptocurrencies and Mesh Routing
  7. WordPress Security: Top Tips to Protect Your Website
  8. Massive Data Breach at AT&T: What Customers Need to Know
  9. Privacy and security as main characteristics of the Blockchain: Part 1
  10. Should You Really Put Cameras Around Your Home—and What Risks Are You Inviting if You Do?
  11. APT (Advanced Persistent Threat)
  12. Outlook Data File Corruption: Causes, Prevention, and Recovery

Stay on top of the latest cyber & technology trends.

©2025 securitybriefing - All rights reserved.