The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning that a critical vulnerability in widely used enterprise VPN software is being actively exploited by threat actors. The vulnerability, which affects products from a major networking vendor, allows unauthenticated remote code execution and has been assigned a CVSS score of 9.8.
CISA reports that federal agencies and critical infrastructure operators have been targeted in attacks exploiting the flaw, with evidence suggesting that threat groups linked to nation-state actors are among the most active exploiters. The agency has ordered all federal civilian agencies to apply the vendor's emergency patch within 48 hours.
Cybersecurity firms tracking the exploitation say that thousands of vulnerable devices remain exposed on the public internet, including those belonging to healthcare organizations, financial institutions, and state governments. Security experts are urging all organizations using the affected products to patch immediately, review access logs for signs of compromise, and implement network segmentation to limit lateral movement.