icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

Ivanti Warns of Critical Connect Secure Vulnerability Exploited in Zero-Day Attacks

Summary:
Ivanti has issued an urgent warning regarding a critical remote code execution vulnerability, CVE-2025-0282, that is being actively exploited in zero-day attacks targeting Ivanti Connect Secure appliances. This flaw, rated 9.0 in severity, affects versions of Ivanti Connect Secure prior to 22.7R2.5, Ivanti Policy Secure before 22.7R1.2, and Ivanti Neurons for ZTA gateways prior to 22.7R2.3.

Threat actors have used this vulnerability to install malware on affected devices, with Ivanti confirming that Connect Secure appliances are the primary targets. While Ivanti Policy Secure and Neurons for ZTA gateways are also vulnerable, no exploitation has been observed on those platforms.

Details of the Vulnerability:

  • CVE-2025-0282: A stack-based buffer overflow that allows unauthenticated remote code execution.
  • Affected Products:
    • Ivanti Connect Secure (pre-22.7R2.5)
    • Ivanti Policy Secure (pre-22.7R1.2)
    • Ivanti Neurons for ZTA (pre-22.7R2.3)
  • Exploitation Status: Actively exploited on Connect Secure appliances.

Patches and Suggested Corrections:

  • Ivanti Connect Secure: Patched in firmware version 22.7R2.5 (available immediately).
  • Ivanti Policy Secure and Neurons for ZTA: Patches scheduled for January 21, 2025.
    • Policy Secure Risk: Lower because the solution is not intended to be internet-facing.
    • ZTA Risk: Exploitation only possible if a gateway is generated but left unconnected to the ZTA controller.

Recommendations:

  • Immediate Action for Connect Secure Admins:
    • Conduct internal and external ICT (Integrity Checker Tool) scans.
    • If scans are clean, perform a factory reset before upgrading to 22.7R2.5.
    • If malware is detected, perform a factory reset to remove it and upgrade to the patched firmware.
  • Policy Secure Admins: Ensure appliances are not exposed to the internet and apply patches when available.
  • ZTA Admins: Avoid leaving unconnected gateways in production until patches are available.

Additional Vulnerability:

  • CVE-2025-0283: A second vulnerability allowing local privilege escalation has been patched but is not known to be actively exploited.

Ongoing Investigation:
Ivanti is collaborating with Mandiant and Microsoft Threat Intelligence Center to investigate these attacks further. Reports on malware associated with this incident are expected soon.

Context and Previous Incidents:
This follows a series of zero-day exploits targeting Ivanti products, including an October 2024 attack on Cloud Services Appliances (CSA). These incidents highlight the ongoing threat to Ivanti’s products and the need for immediate patching and proactive security measures.

Sources:
https://www.bleepingcomputer.com/ne...connect-secure-flaw-used-in-zero-day-attacks/
https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways

Contact Us for Threat Assistance
Back to Current Threats