The Register: Zero-day exploits plague Ivanti Connect Secure appliances for second year running

Source URL: https://www.theregister.com/2025/01/09/zeroday_exploits_ivanti/
Source: The Register
Title: Zero-day exploits plague Ivanti Connect Secure appliances for second year running

Feedly Summary: Factory resets and applying patches are the advice amid a fortnight's delay for other appliances
The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts “seriously” as Ivanti battles two dangerous new vulnerabilities, one of which was already being exploited as a zero-day.…

AI Summary and Description: Yes

**Summary:** The text discusses two severe vulnerabilities in Ivanti products, one of which is being actively exploited as a zero-day. The critical vulnerability CVE-2025-0282 allows unauthenticated remote code execution, while CVE-2025-0283 enables privilege escalation. Ivanti's history of security flaws compounds the situation, and organizations are urged to take immediate action to mitigate the risk.

**Detailed Description:**
The text highlights critical security vulnerabilities in Ivanti’s products and emphasizes the importance of prompt mitigation. The key points are as follows:

– **Vulnerability Overview:**
  – **CVE-2025-0282 (Severity 9.0 – Critical):** This stack-based buffer overflow can lead to unauthenticated remote code execution. It has been actively exploited and affects:
    – Ivanti Connect Secure (prior to version 22.7R2.5)
    – Ivanti Policy Secure (prior to version 22.7R1.2)
    – Ivanti Neurons for ZTA gateways (prior to version 22.7R2.3)

  – **CVE-2025-0283 (Severity 7.0 – High):** Another stack-based buffer overflow, this one allowing privilege escalation for locally authenticated attackers. The same product versions are affected.
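The advisory's "prior to version X" thresholds are easy to misread by hand because Ivanti version strings (`22.7R2.5`) do not sort as plain dotted numbers. The following is an added example, not code from the article or from Ivanti: it parses that format into a comparable tuple and triages a small constructed appliance inventory against the three fixed versions quoted above. The product names, the inventory entries and the `triage` helper are assumptions made for illustration.

```python
import re

# Fixed versions exactly as quoted in the summary of the advisory.
FIXED_VERSIONS = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.2",
    "Ivanti Neurons for ZTA gateways": "22.7R2.3",
}

# major.minor R release[.patch]  e.g. 22.7R2.5, 22.7R1 (patch optional)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(version: str) -> tuple[int, int, int, int]:
    """Turn an Ivanti-style version string into a sortable tuple.

    Unrecognised strings raise instead of silently comparing as 'fixed',
    so an odd inventory entry gets reviewed rather than ignored.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {version!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_vulnerable(product: str, version: str) -> bool:
    """True when the installed version is strictly below the fixed version."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        raise KeyError(f"no fixed version known for product {product!r}")
    return parse_version(version) < parse_version(fixed)


def triage(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str]]:
    """Return the (hostname, product, version) rows that still need patching."""
    return [row for row in inventory if is_vulnerable(row[1], row[2])]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("vpn-edge-1", "Ivanti Connect Secure", "22.7R2.4"),
    ("vpn-edge-2", "Ivanti Connect Secure", "22.7R2.5"),
    ("nac-1", "Ivanti Policy Secure", "22.7R1.1"),
    ("zta-gw-1", "Ivanti Neurons for ZTA gateways", "22.7R2.3"),
    ("zta-gw-2", "Ivanti Neurons for ZTA gateways", "22.6R1.3"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is below {FIXED_VERSIONS[product]}")
```

A version check only tells you which appliances are still exposed; it says nothing about whether an appliance was already compromised before it was patched, which is why the advisory pairs upgrading with the Integrity Checker Tool and monitoring for indicators of compromise.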

– **Exploitation Context:**
  – The urgency is heightened because CVE-2025-0282 is a zero-day already being exploited in the wild.
  – Mandiant has been involved in investigating these exploits and notes the potential for widespread opportunistic exploitation by multiple threat actors, including advanced persistent threat (APT) groups.

– **Company Response & Mitigation Recommendations:**
  – Ivanti has advised customers to use its Integrity Checker Tool (ICT) to assess the state of their appliances, but warns that the tool should not be relied upon on its own to detect ongoing threats.
  – Customers are encouraged to upgrade to the patched versions as soon as possible. Patches are available now for Connect Secure; patches for the other affected products will only be available weeks later.
  – The advisory stresses the importance of taking the vulnerabilities seriously, potentially pulling vulnerable appliances offline until patches can be applied.

– **Impact on Organizations:**
  – Organizations using Ivanti products must act swiftly to mitigate risks, which may include:
    – Upgrading to the latest software versions.
    – Monitoring for indicators of compromise.
    – Being prepared for follow-up attacks exploiting these vulnerabilities or others found in the future.

– **Threat Landscape:**
  – The text notes the emergence of new malware families associated with these vulnerabilities, pointing to a dynamically evolving threat landscape that organizations must navigate.

In summary, the text serves as a critical alert for IT and security professionals about the need for prompt vulnerability management to protect organizational assets against the emerging threats associated with Ivanti products.