WARNING: Critical Ivanti Vulnerability Actively Exploited

Organizations are urged to act immediately to mitigate vulnerabilities in Ivanti Connect Secure, Policy Secure, and ZTA Gateways (CVE-2025-0282 and CVE-2025-0283) by following the latest guidance from Ivanti.

What Happened?

Ivanti has disclosed two stack-based buffer overflow vulnerabilities affecting the following products:

  • Ivanti Connect Secure
  • Ivanti Policy Secure
  • Ivanti Neurons for ZTA Gateways

Details of Vulnerabilities:

  • CVE-2025-0282: Rated critical with a CVSS score of 9.0. A stack-based buffer overflow in older versions of the above products enables remote, unauthenticated attackers to execute arbitrary code.
  • CVE-2025-0283: Rated high with a CVSS score of 7.0. A stack-based buffer overflow allows local, authenticated attackers to escalate privileges.

Affected Versions: These vulnerabilities exist in versions prior to:

  • 22.7R2.5 for Ivanti Connect Secure
  • 22.7R1.2 for Ivanti Policy Secure
  • 22.7R2.3 for Ivanti Neurons for ZTA Gateways

Exploitation Status

Ivanti has reported active exploitation of CVE-2025-0282 targeting Ivanti Connect Secure appliances. No exploitation of CVE-2025-0283 has been reported.

Who is Affected?

Organizations using Ivanti Connect Secure, Policy Secure, or Neurons for ZTA Gateways are at risk.

Recommended Actions

To mitigate these vulnerabilities, follow these priority steps:

  1. Run the Ivanti external Integrity Checker Tool (ICT). The ICT gives a snapshot of the appliance's current state and cannot necessarily detect threat actor activity if the appliance has since been returned to a clean state. It does not scan for malware or indicators of compromise (IoCs).
  2. Before installing updates, perform a factory reset, as the vendor recommends.
  3. Install the latest security update:
     • Ivanti Connect Secure: version 22.7R2.5 or later, available now.
     • Ivanti Policy Secure: update due 21 Jan 2025. This product should not be exposed to the internet.
     • Ivanti Neurons for ZTA Gateways: update due 21 Jan 2025. If a gateway for this solution is generated and left unconnected to a ZTA controller, there is a risk of exploitation.
  4. Perform continuous monitoring and threat hunting activities.

By taking these actions promptly, organizations can reduce the risk of exploitation and strengthen the security of their environments.
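As an added example (not Ivanti's tooling and not part of the original article), the following Python script checks an appliance inventory against the fixed versions listed above and attaches the matching action from the steps. It assumes Ivanti version strings follow the form <major>.<minor>R<release>[.<patch>] (for example 22.7R2.5), that the inventory is "hostname,product,version" lines, and, as this page states, that any version prior to the fixed one is affected; the hostnames and versions in the sample inventory are constructed.

```python
"""Triage an appliance inventory against the fixed versions in Ivanti's
January 2025 advisory (CVE-2025-0282 / CVE-2025-0283).

Added example for this page; not Ivanti's tooling. Assumptions:
  * Ivanti versions follow "<major>.<minor>R<release>[.<patch>]" (e.g. 22.7R2.5);
    a missing patch number is treated as 0.
  * As the page states, any version earlier than the fixed one is treated as
    affected; the inventory below is constructed sample data.
"""
import re
from typing import Dict, List, Tuple

# Minimum fixed version per product, as listed in the advisory summary above.
FIXED_VERSIONS: Dict[str, str] = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.2",
    "Ivanti Neurons for ZTA Gateways": "22.7R2.3",
}

# Whether the fix had shipped when the advisory was published
# (Connect Secure: yes; Policy Secure and ZTA Gateways: due 21 Jan 2025).
FIX_RELEASED: Dict[str, bool] = {
    "Ivanti Connect Secure": True,
    "Ivanti Policy Secure": False,
    "Ivanti Neurons for ZTA Gateways": False,
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '22.7R2.5' into (22, 7, 2, 5) so versions compare numerically.

    A plain string comparison gets this wrong: '22.7R2.10' sorts before
    '22.7R2.5' lexically but is the newer build.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_vulnerable(product: str, version: str) -> bool:
    """True when the running version predates the fixed version for the product."""
    return parse_version(version) < parse_version(FIXED_VERSIONS[product])


def triage(inventory: str) -> List[Dict[str, object]]:
    """Parse 'hostname,product,version' lines and attach a recommended action."""
    results: List[Dict[str, object]] = []
    for line in inventory.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(",", 2))
        if product not in FIXED_VERSIONS:
            raise ValueError(f"{host}: unknown product {product!r}")
        vulnerable = is_vulnerable(product, version)
        if not vulnerable:
            action = "on a fixed version; still run the external ICT to confirm integrity"
        elif FIX_RELEASED[product]:
            action = f"run ICT, factory reset, then upgrade to {FIXED_VERSIONS[product]}"
        else:
            action = "fix due 21 Jan 2025; keep off the internet and run ICT meanwhile"
        results.append({"host": host, "product": product, "version": version,
                        "vulnerable": vulnerable, "action": action})
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """\
vpn-edge-01,Ivanti Connect Secure,22.7R2.4
vpn-edge-02,Ivanti Connect Secure,22.7R2.5
nac-core-01,Ivanti Policy Secure,22.7R1.1
zta-gw-03,Ivanti Neurons for ZTA Gateways,22.7R2.3
zta-gw-04,Ivanti Neurons for ZTA Gateways,22.7R2
"""

if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        flag = "VULNERABLE" if r["vulnerable"] else "ok"
        print(f"{r['host']:<12} {r['product']:<32} {r['version']:<10} {flag:<10} {r['action']}")
```

The version is parsed into a tuple rather than compared as a string because the patch component is numeric and can reach two digits; a lexical comparison would wrongly flag a later patch build as vulnerable. A clean result from this check only means the software is at the fixed level; it says nothing about whether the appliance was compromised before the update, which is why the ICT step still applies.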

It is worth noting that the company emphasized that the Ivanti Policy Secure product is not designed to be exposed directly to the internet, which considerably reduces the risk of exploitation. A fix for Ivanti Policy Secure is scheduled for release on January 21, 2025.

Charles Newman

Architect | Advisory Council Member, Passionate Privileged Access Management Security Professional

7mo

Having to do a factory reset adds another "pucker layer."

How was the vulnerability exposed?

Rory Stewart

International Ambassador at Zafehouze - making IT, OT and IoT 'Zafe' | "If you think the problem can't be solved by technology, then you probably don't understand the technology" | CCNA | CCDA | Checkpoint | RSA

7mo

At least they are divulging this information up front unlike last time. Any people affected should be looking at advancing their security with proactive solutions like Zafepass. Search for it and get in touch.
