ProjectDiscovery contributors submitted new Nuclei detection templates for two high-impact vulnerabilities: CVE-2025-27364, a remote code execution flaw affecting MITRE Caldera, and CVE-2025-22457, a stack-based buffer overflow affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. The Caldera submission adds a community template for identifying exposure to the RCE issue, while the Ivanti submission adds version-based detection logic tied to product web portal pages.
The Ivanti flaw was described as a CVSS 9.0 vulnerability in X-Forwarded-For header processing and was reported as actively exploited in the wild by China-nexus threat actors, with references to Mandiant, Google TAG, and inclusion in CISA's Known Exploited Vulnerabilities catalog. The proposed Ivanti template checks for versions earlier than 22.7R2.6, giving defenders a way to quickly identify potentially exposed appliances, while the Caldera template expands scanning coverage for organizations using the adversary emulation platform.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
A community contributor opened a pull request to add a Nuclei detection template for CVE-2025-22457. The proposed template performs version-based detection for vulnerable Ivanti Connect Secure, Policy Secure, and ZTA Gateway instances.
A community contributor opened a pull request to add a Nuclei detection template for CVE-2025-27364, described in the reference as a remote code execution issue affecting MITRE Caldera. The visible content does not provide earlier disclosure or exploitation details beyond the template submission.
CVE-2025-22457 was added to CISA’s Known Exploited Vulnerabilities catalog after being identified as actively exploited in the wild. Reporting cited Mandiant and Google TAG attributing exploitation to China-nexus threat actors.
Ivanti disclosed CVE-2025-22457, a stack-based buffer overflow in X-Forwarded-For header processing affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. The issue impacts versions earlier than 22.7R2.6 and carries a CVSS score of 9.0.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
github.com
Open sourcegithub.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.