ChannelLife India - Industry insider news for technology resellers
India
Guides
#
cloud services
#
cybersecurity
#
distributors
#
microsoft
#
partner programmes
Search
Story image
#
Cybersecurity
#
Security vulnerabilities
#
Ivanti

Ivanti issues patch for critical security vulnerability

Yesterday
Author image
By Sean Mitchell, Publisher

Two critical vulnerabilities affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways have been disclosed, with one already being exploited in the wild.

Ivanti announced the discovery of CVE-2025-0282, a stack-based buffer overflow vulnerability, which permits remote, unauthenticated attackers to execute code on targeted devices. Additionally, CVE-2025-0283, another stack-based buffer overflow vulnerability, allows local authenticated attackers to escalate their privileges. The vulnerabilities were jointly discovered by Google's Mandiant division and Microsoft's Threat Intelligence Center (MSTIC).

According to Ivanti's advisory, CVE-2025-0282 has already been exploited in a limited number of Connect Secure devices. However, there have been no reports of Ivanti Policy Secure and Neurons for ZTA being exploited at the time of the disclosure.

Director of Vulnerability Intelligence at Rapid7, Caitlin Condon, noted that further intelligence regarding zero-day threat campaigns targeting Ivanti devices is likely to emerge due to these discoveries.

The products and versions susceptible to CVE-2025-0282 include Ivanti Connect Secure versions 22.7R2 through 22.7R2.4, Ivanti Policy Secure versions 22.7R1 through 22.7R1.2, and Ivanti Neurons for ZTA versions 22.7R2 through 22.7R2.3. CVE-2025-0283 affects Ivanti Connect Secure versions 22.7R2.4 and earlier, 9.1R18.9 and earlier, Ivanti Policy Secure version 22.7R1.2 and previous versions, and Ivanti Neurons for ZTA version 22.7R2.3 and earlier.

Patches for both vulnerabilities are currently available for Ivanti Connect Secure version 22.7R2.5. Ivanti Policy Secure and Neurons for ZTA remain unpatched for these vulnerabilities, although fixes are projected to be released later this month.

The advisory encourages customers to apply the available patches for Ivanti Connect Secure immediately, without awaiting a regular patch cycle. "Exploitation of CVE-2025-0282 can be identified by the Integrity Checker Tool (ICT). We strongly advise all customers to closely monitor their internal and external ICT as a part of a robust and layered approach to cybersecurity to ensure the integrity and security of the entire network infrastructure," reads Ivanti's advisory.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Exabeam launches new security platform with Open API
Sysdig earns top accolade in Gartner customer choice 2024
Hitachi Vantara's VSP One lauded as primary storage leader
SentinelOne honoured as 2024 Gartner Customers' Choice
Media companies are going big on data – but workflow challenges loom
Top stories
Integrity360 acquires Nclose to boost global expansion plans
Nureva promotes Abbott & Rempel to senior roles
WatchGuard acquires ActZero to boost cybersecurity services
Ingram Micro promotes Sanjib Sahoo to lead global platform
SER Group named leader in Gartner's 2024 Magic Quadrant