The Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring all federal agencies to patch a critical vulnerability in Check Point VPN products within three days.

The vulnerability has been actively exploited by ransomware groups to breach dozens of organizations, according to Check Point's security advisories. The bug affects multiple Check Point VPN products that are widely deployed across government networks.

CISA's emergency directive reflects the severity of the threat, as the agency typically reserves such urgent timelines for vulnerabilities that pose immediate risks to federal systems. The three-day deadline is significantly shorter than the standard patching requirements for most security updates.

Check Point has released patches for the affected products and advised all customers to apply the updates immediately. The company has not disclosed the specific technical details of the vulnerability to prevent further exploitation.

Ransomware groups have increasingly targeted VPN vulnerabilities as a primary attack vector, using them to gain initial access to corporate and government networks. Once inside, attackers can move laterally through systems and deploy ransomware to encrypt critical data and demand payment for decryption keys.