rss-bridge 2025-10-07T08:18:46+00:00

CVEs Targeting Remote Access Technologies in 2025

The exploitation of vulnerabilities in remote access technologies to gain initial access continues relentlessly in 2025 as well, with initial access brokers, and opportunistic and targeted threat actors in general, actively leveraging software flaws to break into organizations.


  • Post published: October 7, 2025

Last modified: October 7, 2025


Similarly to what I did in 2024, I am collecting the list of vulnerabilities targeting security technologies defending the perimeter, which have been exploited so far. As you will notice in the list, a good portion of them are 0-days discovered during 2025, but there are also some vulnerabilities that were disclosed (and patched) a few years ago, but are still exploited by threat actors, since they were left unpatched, an aspect that reinforces the importance of strong security procedures throughout the organization.

[Chart: Distribution of Vulnerabilities by Vendor]

Below are the links to the vendors’ bulletins for the exploited vulnerabilities (whenever they were available):

https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

https://www.sonicwall.com/support/knowledge-base/product-notice-urgent-security-notification-sma-1000/250120090802840

https://blog.lumen.com/the-j-magic-show-magic-packets-and-where-to-find-them/

https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

https://security.paloaltonetworks.com/CVE-2025-0108

https://support.checkpoint.com/results/sk/sk182336

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US

https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788

https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018
https://psirt.global.sonicwall.com/vuln-detail/snwlid-2025-0011

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW

| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Vulnerability | Attack | Target Class | Attack Class | Country | Link | Vendor Bulletin | Vendor |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 08/01/2025 | - | - | Unknown Threat Actors | Unknown Organization(s) | Ivanti warns that threat actors exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. | Malware | Unknown | Unknown | Unknown | | | Ivanti |
| 2 | 10/01/2025 | Since at least early December 2024 | Early December 2024 | ? | Multiple Organizations | Researchers at Arctic Wolf observe a recent campaign affecting Fortinet FortiGate firewall devices with management interfaces exposed on the public internet, exploiting CVE-2024-55591. A few days later the security product maker confirms that the critical vulnerability is “being exploited in the wild.” | Unknown | Multiple Industries | Unknown | Unknown | | | Fortinet |
| 3 | 23/01/2025 | - | - | Unknown Threat Actors | Unknown Organization(s) | SonicWall alerts customers of CVE-2025-23006, a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. | Unknown | Unknown | Unknown | Unknown | | | Sonicwall |

[...]

