Ethical Hacking News
Ivanti has issued a critical warning about a newly discovered zero-day vulnerability in its Connect Secure appliances that allows unauthenticated attackers to remotely execute code on devices running versions before 22.7R2.5. To mitigate this risk, Ivanti is urging administrators to act immediately and run internal and external Integrity Checker Tool (ICT) scans to detect any signs of exploitation or malware infection.
Ivanti has issued a critical warning about a newly discovered zero-day vulnerability in its Connect Secure appliances (CVE-2025-0282). The vulnerability allows unauthenticated attackers to remotely execute code on devices running Ivanti Connect Secure before version 22.7R2.5. Ivanti has released a firmware patch to resolve the vulnerability, but patches will not be available for all affected products until January 21. Administrators are urged to perform internal and external ICT scans to detect signs of exploitation or malware infection and take action accordingly. A factory reset is recommended as a precautionary measure to ensure no malicious software is installed on the device.
Ivanti, a leading provider of unified endpoint management and security solutions, has issued a critical warning regarding a newly discovered zero-day vulnerability in their Connect Secure appliances. This vulnerability, tracked as CVE-2025-0282, poses a significant threat to organizations that rely on Ivanti's Connect Secure solution for secure remote access.
According to Ivanti, the vulnerability came to light when the company's Integrity Checker Tool (ICT) detected malicious activity on customers' appliances. The investigation that followed confirmed that threat actors were actively exploiting CVE-2025-0282 as a zero-day to install malware on compromised appliances.
The vulnerability allows unauthenticated attackers to remotely execute code on devices running Ivanti Connect Secure before version 22.7R2.5. This lets attackers gain unauthorized access to these devices and potentially deploy malicious software without being detected. Ivanti Policy Secure and Neurons for ZTA gateways do not appear to have been exploited through this vulnerability, as Ivanti has reported no exploitation of them.
To mitigate this risk, Ivanti has released firmware version 22.7R2.5, which resolves the vulnerability. Patches for Ivanti Policy Secure and Neurons for ZTA gateways will not be available until January 21, according to a security bulletin published today.
In response to this new threat, Ivanti is urging all administrators of Connect Secure appliances to take immediate action. This includes performing internal and external ICT scans to detect any signs of exploitation or malware infection. If the scans indicate that an appliance has been compromised, it's recommended that administrators perform a factory reset before upgrading to the patched firmware.
However, if the scans come back clean, Ivanti still recommends performing a factory reset as a precautionary measure to ensure that no malicious software is installed on the device. After the factory reset, the appliance should be put back into production using version 22.7R2.5.
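As an added example (not Ivanti tooling and not code from this article), the Python below triages an appliance inventory against the 22.7R2.5 threshold and the ICT outcomes described above. The version layout, the hostnames, the inventory rows and the `ict_result` labels are assumptions constructed for illustration.

```python
import re

# Fixed release named in the article; anything below it is treated as exposed.
FIXED = "22.7R2.5"
# Assumed version layout: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.5
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return a comparable integer tuple, or None if the string does not match."""
    m = _VERSION.match(text.strip())
    if not m:
        return None
    # A missing patch component counts as 0, so 22.7R2 sorts below 22.7R2.5.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def triage(version, ict_result):
    """ict_result (assumed labels): 'compromised', 'clean', or None if no scan."""
    parsed = parse_version(version)
    if parsed is None:
        return "manual review: unrecognised version string"
    if ict_result is None:
        return "run internal and external ICT scans"
    if ict_result == "compromised":
        return "factory reset before moving to " + FIXED
    # Compare as integer tuples: as plain strings "22.7R2.10" sorts below "22.7R2.5".
    if parsed < parse_version(FIXED):
        return "precautionary factory reset, return to production on " + FIXED
    # Assumption: the article lists no further step for a clean, already-fixed box.
    return "clean scan on fixed release: no action listed in the article"


def triage_inventory(rows):
    """rows: iterable of (hostname, version, ict_result) -> {hostname: action}."""
    return {host: triage(version, ict) for host, version, ict in rows}


# Constructed sample inventory (hostnames and scan states are made up).
SAMPLE = [
    ("vpn-a.example.internal", "22.7R2.4", "compromised"),
    ("vpn-b.example.internal", "22.7R2", "clean"),
    ("vpn-c.example.internal", "22.7R2.10", "clean"),
    ("vpn-d.example.internal", "22.7R2.5", None),
    ("vpn-e.example.internal", "unknown-build", "clean"),
]

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE).items():
        print(f"{host}: {action}")
```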
Furthermore, Ivanti has also issued a security update for a second vulnerability tracked as CVE-2025-0283. This flaw allows an authenticated local attacker to escalate their privileges. However, Ivanti notes that this vulnerability is not currently being exploited or chained with the first one.
That attackers have been exploiting this zero-day vulnerability in real-world attacks underscores the importance of patching and keeping security software and firmware up to date. Organizations must prioritize proactive security measures to protect themselves against emerging threats like CVE-2025-0282.
Related Information:
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/
https://www.securityweek.com/ivanti-warns-of-new-zero-day-attacks-hitting-connect-secure-product/
https://nvd.nist.gov/vuln/detail/CVE-2025-0282
https://www.cvedetails.com/cve/CVE-2025-0282/
https://nvd.nist.gov/vuln/detail/CVE-2025-0283
https://www.cvedetails.com/cve/CVE-2025-0283/
Published: Wed Jan 8 15:18:53 2025 by llama3.2 3B Q4_K_M