January 13, 2025: Ivanti, vendor of a widely used SSL VPN appliance, has issued a warning about a critical security flaw affecting multiple products, one of which is being actively exploited by cyber threat actors.
The vulnerability confirmed to be under active exploitation is tracked as CVE-2025-0282. It carries a CVSS score of 9.0/10, affects Ivanti Connect Secure versions before 22.7R2.5, and can lead to unauthenticated remote code execution.
Ivanti’s advisory stated that “successful exploitation could lead to unauthenticated remote code execution. Threat actor activity was identified by the Integrity Checker Tool (ICT) on the same day it occurred, enabling Ivanti to respond promptly and rapidly develop a fix.”
The company has acknowledged that it is aware of a “limited number of customers” whose appliances were compromised through the vulnerability.
Two other Ivanti products are also affected – Ivanti Policy Secure 22.7R1 through 22.7R1.2 and Ivanti Neurons for ZTA gateways 22.7R2 through 22.7R2.3 – but no exploitation of those products is currently known.
Impact of the Ivanti Connect Secure Vulnerability
Ivanti’s SSL VPN solution is widely deployed across major industries. The vulnerability is a stack-based buffer overflow: an attacker who can reach the appliance sends crafted input that overruns a fixed-size buffer on the stack, gaining remote code execution and with it control of the device. Because the appliance sits at the network edge and the flaw requires no authentication, a compromised device hands the attacker a foothold inside the network.
This was a zero-day vulnerability: when it was discovered in December 2024 it was already being exploited by cyber threat actors, before any fix existed. China-linked groups are believed to be behind the exploitation.
Patching and Mitigating Ivanti Connect Secure Vulnerability
Most of the guidance below concerns Ivanti Connect Secure, since that is the product under active exploitation. Ivanti has released a fix in firmware version 22.7R2.5.
Ivanti also recommends that all Connect Secure admins run both internal and external ICT scans before upgrading.
If the scan comes back clean, still perform a factory reset before upgrading to firmware version 22.7R2.5: the ICT looks for known indicators, and a clean result is not proof that the appliance is untouched.
If the scan shows compromise, treat the appliance as compromised and follow your incident response plan, then perform a factory reset before upgrading to 22.7R2.5.
Patches for Ivanti Policy Secure 22.7R1 through 22.7R1.2 and Ivanti Neurons for ZTA gateways 22.7R2 through 22.7R2.3 are not expected until January 21.
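As an added example (not code from this alert or from Ivanti), the following Python script triages an appliance inventory against the version ranges given above, so that appliances under active exploitation are handled first and appliances still waiting for a patch are flagged for isolation. The inventory, hostnames and function names are constructed for illustration; the upper bound of the ZTA gateway range (22.7R2.3) is taken from Ivanti's advisory.

```python
"""Triage Ivanti appliances against the CVE-2025-0282 affected-version ranges.

Added example: the inventory below is constructed, not real data, and the
helper names are made up for this illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Ivanti versions look like "22.7R2.4": MAJOR.MINOR, an "R" release, and an
# optional patch number. A tuple makes them comparable with <, <=, >=.
Version = Tuple[int, int, int, int]


def parse_version(s: str) -> Version:
    """'22.7R2.4' -> (22, 7, 2, 4); '22.7R1' -> (22, 7, 1, 0)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?\s*", s)
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {s!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


@dataclass(frozen=True)
class Advisory:
    product: str
    affected_from: Optional[Version]  # inclusive lower bound; None = any earlier build
    affected_to: Version              # inclusive upper bound
    fixed: Optional[Version]          # first fixed build; None = no patch released yet
    exploited: bool                   # exploitation in the wild is known


# Ranges as stated in the alert. Connect Secure is "before 22.7R2.5", so its
# lower bound is open; the ZTA upper bound (22.7R2.3) is from Ivanti's advisory.
ADVISORIES: Dict[str, Advisory] = {
    "connect-secure": Advisory("Ivanti Connect Secure", None,
                               parse_version("22.7R2.4"), parse_version("22.7R2.5"), True),
    "policy-secure": Advisory("Ivanti Policy Secure", parse_version("22.7R1"),
                              parse_version("22.7R1.2"), None, False),
    "zta-gateway": Advisory("Ivanti Neurons for ZTA gateways", parse_version("22.7R2"),
                            parse_version("22.7R2.3"), None, False),
}

ACTIONS = {
    "vulnerable-exploited": "run internal and external ICT scans, factory reset, upgrade to 22.7R2.5",
    "vulnerable": "run ICT scans, factory reset, upgrade to the fixed build",
    "vulnerable-no-patch-yet": "no fix until January 21: segment/isolate the appliance and run ICT scans",
    "unknown-product": "product not in the advisory table; confirm what this host is",
    "not-in-affected-range": "outside the affected range; confirm the version and keep monitoring",
    "patched": "running a fixed build; no action",
}
PRIORITY = {s: i for i, s in enumerate(ACTIONS)}  # dict order = handling order


def classify(product_key: str, version_str: str) -> str:
    """Return one of the ACTIONS keys for a single appliance."""
    adv = ADVISORIES.get(product_key)
    if adv is None:
        return "unknown-product"
    v = parse_version(version_str)
    if adv.fixed is not None and v >= adv.fixed:
        return "patched"
    in_range = (adv.affected_from is None or v >= adv.affected_from) and v <= adv.affected_to
    if not in_range:
        return "not-in-affected-range"
    if adv.fixed is None:
        return "vulnerable-no-patch-yet"
    return "vulnerable-exploited" if adv.exploited else "vulnerable"


def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Classify every host and order the result by urgency (exploited first)."""
    rows = [{"host": e["host"],
             "status": classify(e["product"], e["version"])} for e in inventory]
    for r in rows:
        r["action"] = ACTIONS[r["status"]]
    rows.sort(key=lambda r: PRIORITY[r["status"]])  # stable sort keeps inventory order within a tier
    return rows


# Constructed sample inventory (hostnames and versions are illustrative).
INVENTORY = [
    {"host": "vpn-edge-1", "product": "connect-secure", "version": "22.7R2.4"},
    {"host": "vpn-edge-2", "product": "connect-secure", "version": "22.7R2.5"},
    {"host": "nac-1", "product": "policy-secure", "version": "22.7R1.2"},
    {"host": "zta-gw-1", "product": "zta-gateway", "version": "22.7R2.3"},
    {"host": "zta-gw-2", "product": "zta-gateway", "version": "22.7R2.4"},
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(f"{row['host']:<12} {row['status']:<24} {row['action']}")
```

The version parser is the part worth keeping: feeding the raw strings from an asset database into plain string comparison would rank "22.7R2.10" below "22.7R2.5", so every range check should go through parse_version.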
Cybersecurity Solutions
It’s important to make patching and updating part of your regular cybersecurity policies.
Zero-day vulnerabilities cannot be prevented by patching alone, since by definition they are exploited before the vendor knows about them and has a fix available. That underscores the importance of cyber resilience practices such as third-party monitoring and vulnerability assessments.
When you are affected by a zero-day vulnerability, it’s important to have an incident response plan that covers disconnecting or segmenting the affected systems, removing any unauthorized access, and patching.
Risk assessments are especially important when a vulnerability is known but a patch is still pending.
When a device or piece of software on your network has a known or exploited vulnerability, a cybersecurity risk assessment is also recommended. Our assessment identifies weaknesses in your network and gives actionable recommendations, including immediate remediation options, based on real data captured from your network. Regular cybersecurity risk assessments should be part of your organization’s cybersecurity policy.
SecuLore CyberSight™ provides attack surface management and monitoring through our patented technology, detecting vulnerabilities in your network and flagging anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center to be processed via a unique behavioral analysis that is constantly reviewed by our team of CEH (Certified Ethical Hackers).
Cyber-Protecting Our Nation’s Critical Infrastructure
At SecuLore, our mission is to cyber-protect our nation’s critical infrastructure. Led by experts in 9-1-1 technology, cyberwarfare, and ethical hacking, our team provides the technology, expertise, and training needed to defend customers from increasingly sophisticated cyber threats.