Ivanti has issued a critical warning regarding the exploitation of a newly discovered vulnerability in its Connect Secure product, identified as CVE-2025-0282. This remote code execution flaw has been actively targeted by hackers in zero-day attacks, allowing unauthorized individuals to execute malicious code on affected devices. The vulnerability has been rated as critical, with a CVSS score of 9.0, indicating its severity and potential impact.
Background of the vulnerability
The issue was first detected by Ivanti’s Integrity Checker Tool (ICT), which identified suspicious activity on customer appliances. Following this detection, Ivanti conducted an investigation and confirmed that the vulnerability was being exploited in the wild. Specifically, the flaw affects versions of Ivanti Connect Secure prior to 22.7R2.5, Ivanti Policy Secure before 22.7R1.2, and Ivanti Neurons for ZTA Gateways before 22.7R2.3, although evidence so far suggests that the attacks have primarily targeted Connect Secure appliances.
Implications for users
Organizations utilizing these Ivanti products are urged to take immediate action to secure their systems. The company has released a patch for Connect Secure, and users are encouraged to implement it without delay. Patches for Policy Secure and ZTA Gateway are expected to be available by January 21, 2025.
In light of these developments, Ivanti has advised customers to review their systems for any signs of compromise, particularly looking for new or modified administrative users in their configurations. Additionally, deploying endpoint detection and response tools is recommended as part of a layered security approach.
Broader context
This vulnerability is part of a troubling trend for Ivanti, which has faced multiple security challenges in recent months. The Cybersecurity and Infrastructure Security Agency (CISA) has previously added several Ivanti vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the ongoing threat landscape surrounding the company’s products.
As cyber threats continue to evolve, organizations using Ivanti’s software must remain vigilant and proactive in applying security updates and monitoring their systems for unusual activity. The current situation underscores the importance of maintaining robust cybersecurity practices to safeguard against potential breaches and data loss.
In summary, the discovery of CVE-2025-0282 serves as a stark reminder of the vulnerabilities present in widely used software products and the critical need for timely updates and vigilant monitoring by IT departments across various sectors.