Rapid7 submitted a Metasploit module for Ivanti Connect Secure that targets the chained vulnerabilities CVE-2023-46805 and CVE-2024-21887, a combination widely associated with remote code execution on exposed appliances. The pull request indicates offensive security tooling has been updated to support exploitation of the authentication bypass and command injection chain, lowering the barrier for defenders and attackers alike to reproduce the issue in testing or live environments.
A separate GitHub reference shows ProjectDiscovery adding a Nuclei template for CVE-2025-4665, identified as a SQL injection flaw in the WordPress CFDB7 plugin. While the available material does not include exploitation details or patch guidance, both references show public security tooling rapidly incorporating newly disclosed vulnerabilities, increasing the urgency for organizations to identify exposed Ivanti gateways and vulnerable WordPress installations and apply mitigations or updates.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
A pull request was published in the nuclei-templates repository to add a template for CVE-2025-4665, identified in the content as a SQL injection vulnerability affecting the WordPress CFDB7 plugin. No patch, exploitation, or victim details are provided in the reference.
A pull request was opened in the Metasploit Framework repository for an exploit module targeting Ivanti Connect Secure vulnerabilities CVE-2023-46805 and CVE-2024-21887. This indicates public exploit tooling development for the chained flaws.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
github.com
Open sourcegithub.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.