CFOtech Australia - Technology news for CFOs & financial decision-makers

CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild

Yesterday

On Wednesday, January 8, 2025, Ivanti disclosed two CVEs affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the target device. CVE-2025-0283 is a stack-based buffer overflow that allows local authenticated attackers to escalate privileges on the device.
 
Ivanti's advisory indicates that CVE-2025-0282 has been exploited against a limited number of Connect Secure devices in the wild. Per the vendor, Ivanti Policy Secure and Neurons for ZTA were not known to have been exploited in the wild at the time of disclosure. Google's Mandiant division and Microsoft's Threat Intelligence Center (MSTIC) are credited with the discovery of the two issues, which almost certainly means further intelligence will be released soon on one or more zero-day threat campaigns targeting Ivanti devices.
 
Ivanti also has a short blog post on the new CVEs, which is available here.

Mitigation guidance
 
The following products and versions are vulnerable to CVE-2025-0282:
Ivanti Connect Secure 22.7R2 through 22.7R2.4
Ivanti Policy Secure 22.7R1 through 22.7R1.2
Ivanti Neurons for ZTA 22.7R2 through 22.7R2.3
 
The following products and versions are vulnerable to CVE-2025-0283:
Ivanti Connect Secure 22.7R2.4 and prior, 9.1R18.9 and prior
Ivanti Policy Secure 22.7R1.2 and prior
Ivanti Neurons for ZTA 22.7R2.3 and prior
 
Ivanti has a full table of affected versions and corresponding solution estimates in its advisory.

As of 1 PM ET on Wednesday, January 8, patches are available for both CVEs in Ivanti Connect Secure (22.7R2.5), but the CVEs are unpatched in Ivanti Policy Secure and Neurons for ZTA (patches appear to be expected January 21, 2025, per the advisory).
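To triage an appliance inventory against the ranges listed above, the following added example (not from Ivanti or the original article) parses Ivanti-style version strings and reports which of the two CVEs apply. It assumes releases order as (major, minor, R-number, patch) tuples and reads "and prior" as every release at or below the stated bound; the inventory in it is constructed.

```python
import re

# Affected ranges transcribed from the article above. (low, high) is inclusive;
# low=None encodes "X and prior".
AFFECTED = {
    "CVE-2025-0282": {
        "Connect Secure": [("22.7R2", "22.7R2.4")],
        "Policy Secure": [("22.7R1", "22.7R1.2")],
        "Neurons for ZTA": [("22.7R2", "22.7R2.3")],
    },
    "CVE-2025-0283": {
        "Connect Secure": [(None, "22.7R2.4"), (None, "9.1R18.9")],
        "Policy Secure": [(None, "22.7R1.2")],
        "Neurons for ZTA": [(None, "22.7R2.3")],
    },
}

_VERSION = re.compile(r"(\d+)\.(\d+)R(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Turn '22.7R2.4' into (22, 7, 2, 4); a missing patch level counts as 0."""
    m = _VERSION.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def in_range(version, low, high):
    # Assumption: releases order as (major, minor, R-number, patch) tuples, and
    # "and prior" means every release at or below the bound (conservative).
    v = parse_version(version)
    return (low is None or parse_version(low) <= v) and v <= parse_version(high)

def affected_cves(product, version):
    """Return the CVEs whose listed ranges for this product include the version."""
    return sorted(
        cve for cve, products in AFFECTED.items()
        if any(in_range(version, lo, hi) for lo, hi in products.get(product, []))
    )

if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    inventory = [("Connect Secure", "22.7R2.4"), ("Connect Secure", "22.7R2.5"),
                 ("Connect Secure", "9.1R18.9"), ("Neurons for ZTA", "22.7R2.3")]
    for product, version in inventory:
        print(f"{product} {version}: {affected_cves(product, version) or 'not in listed ranges'}")
```

An empty result only means the version falls outside the ranges listed in this article; the vendor advisory remains the authoritative table.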
 
Customers should apply available Ivanti Connect Secure patches immediately without waiting for a typical patch cycle. Ivanti's advisory notes that "Exploitation of CVE-2025-0282 can be identified by the Integrity Checker Tool (ICT). We strongly advise all customers to closely monitor their internal and external ICT as a part of a robust and layered approach to cybersecurity to ensure the integrity and security of the entire network infrastructure."
 
For the latest information, please refer to the vendor advisory.
