Ivanti vTM is affected by a critical authentication bypass vulnerability that is currently being actively exploited in the wild.

This vulnerability stems from an incorrect implementation of the authentication algorithm within the admin panel, enabling remote unauthenticated attackers to bypass security controls entirely.

Successful exploitation grants an attacker full administrative control over the Ivanti vTM appliance. Given the CVSS score of 9.8 and confirmed active exploitation, the risk of total system compromise, data exfiltration, and lateral movement within the network is extreme. Failure to remediate immediately could lead to a catastrophic security breach.

Immediate Action: Upgrade to version 22.2R1 or 22.7R2 immediately as per vendor instructions.

Proactive Monitoring: Review administrative access logs for unusual login patterns or unauthorized source IPs accessing the management interface.

Compensating Controls: Restrict access to the vTM management interface to trusted management networks or VPNs only, and implement strict egress filtering.

Public Exploit Available: true

The severity of this vulnerability, combined with confirmed active exploitation, necessitates immediate action. Administrators must verify their versioning and apply the provided security patches without delay to prevent unauthorized administrative access to critical infrastructure.