Ivanti Urges Patch for Flaws in Connect Secure, Policy Secure and ZTA Gateways

Ivanti has issued a critical security advisory addressing two vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateway products.

HackRead

SUMMARY

  • Critical Vulnerabilities Identified: Ivanti has disclosed two critical vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Connect Secure, Policy Secure, and ZTA Gateways, with CVE-2025-0282 already being actively exploited.

  • Impact of Vulnerabilities: CVE-2025-0282 allows unauthenticated remote attackers to execute arbitrary code, potentially gaining full control of affected systems. CVE-2025-0283 enables local authenticated attackers to escalate privileges, posing significant security risks.

  • Patch Availability: Ivanti has released a patch for Connect Secure (version 22.7R2.5) addressing both vulnerabilities. Patches for Policy Secure and ZTA Gateways are expected by January 21, 2025.

  • Recommended Actions: Ivanti advises organizations to immediately patch Connect Secure systems, isolate vulnerable Policy Secure and ZTA Gateways, and monitor systems closely using tools like the Integrity Checker Tool (ICT).

  • Expert Warning: Experts highlight the urgency of patching and maintaining heightened vigilance against potential cyberattacks, citing past incidents like the Akira breach as reminders of the risks involved.

Ivanti has raised concerns about two remotely exploitable vulnerabilities in its enterprise-facing products, with one bug already being exploited in the wild.

According to Ivanti’s security advisory, the company has addressed two critical vulnerabilities (CVE-2025-0282 and CVE-2025-0283) affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways.

CVE-2025-0282, the more critical of the two, is a stack-based buffer overflow vulnerability in Ivanti Connect Secure. This vulnerability allows unauthenticated remote attackers to execute arbitrary code on vulnerable systems. Essentially, attackers can remotely compromise the system without any prior knowledge or credentials, potentially gaining complete control over the affected appliance.

CVE-2025-0283, while still a high-severity vulnerability, is less critical. This vulnerability, also a stack-based buffer overflow, allows local authenticated attackers to escalate their privileges on the system. This means that an attacker who already has legitimate access to the system can exploit this vulnerability to gain higher-level privileges, potentially compromising sensitive data or disrupting critical operations.

Ivanti has released a patch for Connect Secure (version 22.7R2.5), addressing both vulnerabilities. However, patches for Policy Secure and ZTA Gateways are not yet available and are scheduled for release on January 21st, 2025.

Given the active exploitation of CVE-2025-0282, Ivanti strongly urges organizations to prioritize patching their Connect Secure appliances immediately. For Policy Secure and ZTA Gateways, proactive measures such as temporarily isolating affected systems are recommended until the patches become available.

To mitigate the risks associated with these vulnerabilities, Ivanti recommends applying the latest patches as soon as they become available. For Connect Secure, upgrading to version 22.7R2.5 is suggested. Moreover, closely monitoring systems using the Integrity Checker Tool (ICT) and other security monitoring tools is essential to detect any signs of compromise.

In addition, the company recommends Policy Secure and ZTA Gateways users consider isolating affected systems from the network until the patches are applied. Organizations utilizing Ivanti products should prioritize implementing these recommendations to mitigate the risks associated with these vulnerabilities.

Martin Jartelius, CISO at Outpost24, commented on the latest development, urging impacted parties to immediately install patches. “Last time we had an Ivanti zero-day exploitation, the attackers shifted to their active/destructive phase as the patch became available, so anyone impacted should firstly patch at once, and secondly, review their readiness in incident response and keep extra eyes on their monitoring for the near future.”
