
Ivanti disclosed CVE-2025-22457, a stack buffer overflow on the unauthenticated path of its Connect Secure VPN, exactly one year after signing CISA's Secure-by-Design pledge. A China-nexus group exploited the bug in the wild. Ivanti had shipped the fix two months earlier but filed it as low-risk, incorrectly concluding that it could not lead to remote code execution.
Summary by ByteBrief