In discussion with Ivanti: CVE-2025-22457 from Buffer Overflow to RCE
Tuesday, September 23, 2025, 1:30 PM - 2:15 PM
Polaris

Well-resourced nation-state threat actors are going to great lengths to weaponize N-day vulnerabilities. This session, hosted by Ivanti CSO Daniel Spicer and Mandiant's Jacob Thompson, will discuss the discovery of CVE-2025-22457 in Ivanti Connect Secure and the sophisticated and complicated exploitation of a security vulnerability that was initially identified and fixed as a product bug. A fix for CVE-2025-22457 was released six weeks before the first exploitation of the vulnerability occurred. The threat actor reverse engineered what had been triaged internally as a product bug and turned it into a vulnerability. Attendees will take a deep dive into why it was initially identified as a product bug, the complexity of this vulnerability, and how the threat actor exploited the vulnerability.