Ivanti Vulnerability Known Active Exploitation - 20250109001

Overview

Ivanti have released an advisory that addresses vulnerabilities impacting multiple products. Successful exploitation could lead to unauthenticated remote code execution, and allow a local authenticated attacker to escalate privileges.

Ivanti is aware of active exploitation in the wild.

What is vulnerable?

CVE	Product(s): Version(s) Affected	CVSS	Severity
CVE-2025-0282	- Ivanti Connect Secure: 22.7R2 through 22.7R2.4 - Ivanti Policy Secure: 22.7R1 through 22.7R1.2 - Ivanti Neurons for ZTA gateways: 22.7R2 through 22.7R2.3	9.0	Critical
CVE-2025-0283	- Ivanti Connect Secure: 22.7R2.4 and prior - Ivanti Connect Secure: 9.1R18.9 and prior - Ivanti Policy Secure: 22.7R1.2 and prior - Ivanti Neurons for ZTA gateways: 22.7R2.3 and prior	7.0	High

What has been observed?

Ivanti is aware of active exploitation in the wild. CISA added this vulnerability in their Known Exploited Vulnerabilities catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 Hours... (refer Patch Management):

• Ivanti Advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US

Additional Resources

• CISA Advisory: https://www.cisa.gov/news-events/alerts/2025/01/08/ivanti-releases-security-updates-connect-secure-policy-secure-and-zta-gateways
• BleepingComputer: https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/