Ivanti has disclosed a critical security breach involving a zero-day vulnerability (CVE-2025-0282) affecting its Connect Secure remote access products. The flaw, rated 9.0 in severity, is a stack-based buffer overflow that allows an unauthenticated remote attacker to execute arbitrary code.
Impact and Affected Products:
– Ivanti Connect Secure (versions before 22.7R2.5)
– Ivanti Policy Secure (versions before 22.7R1.2)
– Ivanti Neurons for ZTA gateways (versions before 22.7R2.3)
Current Status:
– Active exploitation confirmed only in Ivanti Connect Secure appliances
– Emergency patches released for Connect Secure (version 22.7R2.5)
– Updates for Policy Secure and Neurons for ZTA expected by January 21, 2025
Security Measures:
1. Immediate patches available for Connect Secure
2. Policy Secure users advised to ensure devices aren’t internet-facing
3. Neurons for ZTA Gateways considered safe when properly connected to controllers
Recommended Actions:
– Administrators should run both internal and external scans with the Integrity Checker Tool (ICT)
– Perform a factory reset before upgrading to version 22.7R2.5
– Apply the patches immediately wherever they are available
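To turn the affected-version list above into a first-pass inventory triage, here is an added example (not Ivanti's own tooling) that parses Ivanti-style version strings and flags anything below the fixed builds named in this summary; the version format "major.minorRrelease.patch" and the inventory rows are assumptions constructed for the example.

```python
import re

# Minimum fixed builds as stated in the advisory summary above.
FIXED_VERSIONS = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.2",
    "Ivanti Neurons for ZTA gateways": "22.7R2.3",
}

# Assumed format: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.5 or 22.7R1
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Turn '22.7R2.5' into the comparable tuple (22, 7, 2, 5); a missing patch is 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_affected(product, version):
    """True when the running build is older than the fixed build for that product."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        raise KeyError(f"no fixed version known for {product!r}")
    return parse_version(version) < parse_version(fixed)


def triage(inventory):
    """Return (host, product, version, status) for each row of a (host, product, version) inventory."""
    results = []
    for host, product, version in inventory:
        status = "AFFECTED - patch/ICT scan" if is_affected(product, version) else "at fixed build"
        results.append((host, product, version, status))
    return results


# Constructed sample inventory; hostnames and builds are made up for this example.
SAMPLE_INVENTORY = [
    ("vpn-01", "Ivanti Connect Secure", "22.7R2.4"),
    ("vpn-02", "Ivanti Connect Secure", "22.7R2.5"),
    ("ips-01", "Ivanti Policy Secure", "22.7R1"),
    ("zta-01", "Ivanti Neurons for ZTA gateways", "22.7R2.3"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row, sep=" | ")
```

A build at or above the fixed version only means the flaw is patched, not that the appliance is clean; the ICT scans and factory reset recommended above are still the way to detect and clear an earlier compromise.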
A second vulnerability (CVE-2025-0283) was also disclosed, allowing privilege escalation for authenticated users, though no active exploitation has been reported. Ivanti is collaborating with Mandiant and Microsoft Threat Intelligence Center to investigate these security incidents.