Critical unauthenticated RCE in widely-deployed edge VPN appliance (CVSS 9.8)
A pre-auth remote code execution flaw in a popular SSL-VPN appliance is now on CISA's KEV list with confirmed in-the-wild exploitation. Patch or disconnect immediately.
KEV-listed + pre-auth + edge device = stop reading and go patch. If you can't patch today, pull the device off the internet today. There is no middle option that ages well.
The vulnerability allows unauthenticated attackers to execute code on the appliance, giving an immediate foothold inside the perimeter.
CISA has added it to the Known Exploited Vulnerabilities catalog, which means exploitation is confirmed, not theoretical. Federal agencies have a hard remediation deadline; everyone else should treat it the same way.
Beyond patching, hunt retroactively: edge devices rarely log well, so check for new admin sessions, config changes, and outbound connections to unfamiliar infrastructure in the days before patching.