Popular IT solutions firm Ivanti issues advisory regarding two vulnerabilities present in Ivanti Connect Secure, Policy Secure and ZTA gateways.
IT company Ivanti released a security advisory on 8 January, warning of one critical and one high vulnerability in its Ivanti Connect Secure, Policy Secure and ZTA gateway appliances.
CVE-2025-0282 may allow an unauthenticated attacker to execute code remotely, while CVE-2025-0283 might allow that same attacker to escalate their privileges.
While Ivanti is not aware of any exploitation of the latter vulnerability, it sadly cannot say the same about the former.
“We are aware of a limited number of customers’ Ivanti Connect Secure appliances being exploited by CVE-2025-0282 at the time of disclosure,” Ivanti said in its security advisory.
“We are not aware of these CVEs being exploited in Ivanti Policy Secure or ZTA gateways.”
Here is a detailed list of which products and versions are impacted by each CVE.
CVE-2025-0282:
CVE-2025-0283:
Patches are currently available for Ivanti Connect Secure, while Ivanti Policy Secure and Ivanti Neurons for ZTA gateways will receive a patch on 21 January.
For those concerned about possible exploitation, Ivanti suggests using its Integrity Checker Tool.
“Exploitation of CVE-2025-0282 can be identified by the Integrity Checker Tool (ICT),” Ivanti said.
“We strongly advise all customers to closely monitor their internal and external ICT as a part of a robust and layered approach to cyber security to ensure the integrity and security of the entire network infrastructure.”
Speaking of the vulnerabilities, cyber security firm Rapid7 said that Ivanti customers “should apply available Ivanti Connect Secure patches immediately, without waiting for a typical patch cycle to occur”.
The vulnerabilities were identified with the assistance of Google’s Mandiant and Microsoft’s Threat Intelligence Center.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.