
Ivanti Security Flaws Under Attack: Experts Urge Immediate Action

Remote code execution and privilege escalation.
TNCR Staff

Ivanti, a prominent provider of IT software, has issued a warning about the active exploitation of a critical vulnerability, CVE-2025-0282, in its widely used Connect Secure, Policy Secure, and ZTA Gateways products.

This vulnerability, which allows unauthenticated remote code execution, has already been exploited by hackers, putting organizations at risk of data breaches and operational disruptions. Alongside CVE-2025-0282, Ivanti also disclosed another related vulnerability, CVE-2025-0283, which poses a threat of privilege escalation but has not yet been exploited.

The flaws have significant implications for Ivanti customers across both government and private sectors, as their VPN solutions serve as crucial access points for corporate and agency networks.

Exploits have been observed as far back as December 2024, with a China-linked threat actor suspected of leveraging these vulnerabilities to deploy advanced malware frameworks, including SPAWN and PHASEJAM.

The U.S. Cybersecurity and Infrastructure Security Agency has added CVE-2025-0282 to its Known Exploited Vulnerabilities catalog, urging federal agencies and organizations to patch affected systems immediately. Ivanti has emphasized that patches are available for some products, while updates for others will be released by January 21, 2025.

Why It Matters: The Ivanti vulnerabilities highlight the growing risks posed by attacks on critical VPN systems, which serve as gateways to some of the most sensitive networks in government and private organizations. These exploits not only enable unauthorized access and malware deployment but also demonstrate advanced methods like log manipulation and persistent system compromise. With Ivanti’s products deeply embedded in critical infrastructure, the potential for disruption and data breaches requires immediate attention from customers.

  • Vulnerabilities and Exploitation: CVE-2025-0282 enables unauthenticated remote code execution, while CVE-2025-0283 allows for privilege escalation. Exploitation of CVE-2025-0282 has been observed in active attacks as early as December 2024, with evidence pointing to a China-linked threat actor.
  • Impact on Products and Customers: Ivanti’s Connect Secure, Policy Secure, and ZTA Gateways are affected, with Connect Secure already being exploited by hackers. While patches for some systems are available, updates for Policy Secure and ZTA Gateways are expected by January 21, 2025.
  • Advanced Attack Techniques: Hackers deployed SPAWN, PHASEJAM, and DRYHOOK malware, employing methods to disable SELinux, manipulate system logs, and block legitimate software updates. These actions reflect highly coordinated and persistent threat actor activity.
  • Response and Mitigation: Ivanti has released an Integrity Checker Tool (ICT) to help customers detect compromises. Affected organizations are urged to patch systems, perform factory resets if compromised, and refrain from exposing devices to the internet.

Go Deeper -> Ivanti Warns Hackers are Exploiting New Vulnerability – The Record

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure – The Hacker News

Hackers are Exploiting a New Ivanti VPN Security Bug to Hack into Company Networks – TechCrunch
