Ivanti Warns of Critical Vulnerability CVE-2025-0282 Exploited in Zero-Day Attacks

13/68 Friday, January 10, 2025

Ivanti, a provider of cybersecurity solutions, has disclosed the exploitation of a zero-day vulnerability identified as CVE-2025-0282 in its Ivanti Connect Secure product. The vulnerability allows attackers to execute code remotely and install malware on affected systems. CVE-2025-0282 is classified as a critical buffer overflow vulnerability with a severity score of 9.0 and affects three products:

  1. Ivanti Connect Secure (prior to version 22.7R2.5)
  2. Ivanti Policy Secure (prior to version 22.7R1.2)
  3. Ivanti Neurons for ZTA Gateway (prior to version 22.7R2.3)

Although the vulnerability exists in all three products, Ivanti has confirmed that the attacks have targeted only Ivanti Connect Secure. A firmware update (version 22.7R2.5) has already been released to address the issue for Connect Secure, while updates for Policy Secure and Neurons for ZTA Gateway are scheduled to be released on January 21, 2025.
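For administrators triaging a fleet against the version list above, the following added example (not Ivanti's tooling and not code from the source article) classifies devices by product and version and separates those with a fix already released from those still waiting for one. The version-string layout, the verdict labels, and the inventory entries are assumptions constructed for illustration.

```python
import re

# Fixed versions and fix availability exactly as stated in the article above.
FIXED = {
    "Ivanti Connect Secure": ("22.7R2.5", "released"),
    "Ivanti Policy Secure": ("22.7R1.2", "scheduled"),            # January 21, 2025
    "Ivanti Neurons for ZTA Gateway": ("22.7R2.3", "scheduled"),  # January 21, 2025
}

# Assumed version layout: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.5
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return a comparable tuple; a missing patch component counts as 0."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def triage(product, version):
    """Classify one device against the article's fixed-version list."""
    if product not in FIXED:
        return "not-listed"
    fixed, status = FIXED[product]
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown-version"  # fail closed: send to manual review
    if current >= parse_version(fixed):
        return "fixed"
    return "affected-fix-released" if status == "released" else "affected-fix-pending"


def report(inventory):
    """Map each hostname to its triage verdict."""
    return {host: triage(product, version) for host, product, version in inventory}


# Constructed inventory (hostnames and installed versions are made up).
INVENTORY = [
    ("vpn-edge-01", "Ivanti Connect Secure", "22.7R2.4"),
    ("vpn-edge-02", "Ivanti Connect Secure", "22.7R2.5"),
    ("nac-core-01", "Ivanti Policy Secure", "22.7R1.1"),
    ("zta-gw-01", "Ivanti Neurons for ZTA Gateway", "22.7R2"),
    ("vpn-lab-01", "Ivanti Connect Secure", "custom-build"),
]

if __name__ == "__main__":
    for host, verdict in report(INVENTORY).items():
        print(f"{host:12} {verdict}")
```

A "fixed" verdict reflects only the installed version and says nothing about whether a device was compromised before it was updated.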

Ivanti emphasized that devices that are not connected to the internet, or that are configured securely, have a lower risk of being compromised. The company provided the following recommendations for system administrators:

  1. Use the Ivanti Integrity Checker Tool (ICT) to scan for potentially compromised devices.
  2. If no irregularities are found, perform a factory reset before updating to the latest version.
  3. If signs of an attack are detected, perform a factory reset to remove malware and then install the latest firmware version.

This is not the first time Ivanti has faced zero-day cyberattacks. In October 2024, the company addressed three vulnerabilities in its Cloud Services Appliance (CSA) that had been heavily exploited. This incident underscores the importance of regular system and security tool updates to mitigate potential damage from increasingly sophisticated cyber threats.

Source: https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/