Critical Ivanti VPN Vulnerability Actively Exploited by Hackers

Zero-Day Flaw Puts Enterprise Networks at Risk

U.S. software company Ivanti has issued an urgent warning about a critical zero-day vulnerability (CVE-2025-0282) affecting its widely-used enterprise VPN solutions. The flaw allows attackers to remotely execute malicious code without authentication on:

  • Ivanti Connect Secure
  • Ivanti Policy Secure
  • ZTA Gateways

Key Details of the Vulnerability

  • Exploitation Status: Actively being exploited in the wild as a zero-day
  • Risk Level: Critical remote code execution (RCE) vulnerability
  • Discovery: Detected by Ivanti’s Integrity Checker Tool (ICT)
  • Affected Products:
    • Connect Secure (patch available)
    • Policy Secure & ZTA Gateways (patches expected by January 21)

Timeline of Events

  • Initial Exploitation: Observed as early as mid-December 2024 by Mandiant and Microsoft researchers
  • Public Disclosure: January 9, 2025 advisory from Ivanti
  • Secondary Vulnerability: CVE-2025-0283 identified but not yet exploited

Security Community Response

Leading cybersecurity organizations have confirmed the threat:

  • Mandiant: Suspects involvement of China-linked groups UNC5337 and UNC5221 (same actors behind 2024 Ivanti exploits)
  • NCSC (UK): Investigating active exploitation on UK networks
  • CISA: Added to Known Exploited Vulnerabilities Catalog

Expert Analysis

Ben Harris, CEO of watchTowr Labs, warns:

“We’re seeing widespread impact with all the hallmarks of an APT group targeting mission-critical infrastructure. Organizations must treat this with utmost urgency.”

Recommended Actions

  1. Immediate Patching: Apply available Connect Secure updates immediately
  2. Network Monitoring: Check for unusual activity dating back to December 2024
  3. Incident Response: Prepare for potential breach scenarios
  4. Temporary Mitigations: Consider VPN access restrictions if patching isn’t immediately possible

Historical Context

This marks the latest in a series of Ivanti vulnerabilities exploited since 2023, prompting the company’s ongoing security overhaul. Previous incidents include:

  • February 2024 mass-exploitation event
  • August 2023 zero-day attacks
  • January 2024 dual zero-day discovery

Note: Ivanti has not disclosed the number of affected customers or attribution details as of publication.

๐Ÿ“š Featured Products & Recommendations

Discover our carefully selected products that complement this article’s topics:

๐Ÿ›๏ธ Featured Product 1: Bespoke 4-Door Flex™ Refrigerator (29 cu. ft.) with Family Hub™+ in Charcoal Glass Top and Stainless Steel Bottom Panels โ€“ (RF29CB9900QKAA)

Bespoke 4-Door Flex™ Refrigerator (29 cu. ft.) with Family Hub™+ in Charcoal Glass Top and Stainless Steel Bottom Panels – (RF29CB9900QKAA) Image: Premium product showcase

Advanced bespoke 4-door flex™ refrigerator (29 cu. ft.) with family hub™+ in charcoal glass top and stainless steel bottom panels โ€“ (rf29cb9900qkaa) engineered for excellence with proven reliability and outstanding results.

Key Features:

  • Industry-leading performance metrics
  • Versatile application capabilities
  • Robust build quality and materials
  • Satisfaction guarantee and warranty

๐Ÿ”— View Product Details & Purchase

๐Ÿ›๏ธ Featured Product 2: Bespoke 30โ€ณ Stainless Steel Double Wall Oven with AI Pro Cooking™ Camera โ€“ (NV51CG700DSRAA)

Bespoke 30″ Stainless Steel Double Wall Oven with AI Pro Cooking™ Camera – (NV51CG700DSRAA) Image: Premium product showcase

Premium quality bespoke 30โ€ณ stainless steel double wall oven with ai pro cooking™ camera โ€“ (nv51cg700dsraa) designed for professional use with excellent performance and reliability.

Key Features:

  • Industry-leading performance metrics
  • Versatile application capabilities
  • Robust build quality and materials
  • Satisfaction guarantee and warranty

๐Ÿ”— View Product Details & Purchase

๐Ÿ›๏ธ Featured Product 3: Bespoke 30โ€ณ Stainless Steel Double Wall Oven with AI Pro Cooking™ Camera โ€“ (NV51CG700DSRAA)

Bespoke 30″ Stainless Steel Double Wall Oven with AI Pro Cooking™ Camera – (NV51CG700DSRAA) Image: Premium product showcase

High-quality bespoke 30โ€ณ stainless steel double wall oven with ai pro cooking™ camera โ€“ (nv51cg700dsraa) offering outstanding features and dependable results for various applications.

Key Features:

  • Cutting-edge technology integration
  • Streamlined workflow optimization
  • Heavy-duty construction for reliability
  • Expert technical support available

๐Ÿ”— View Product Details & Purchase

๐Ÿ’ก Need Help Choosing? Contact our expert team for personalized product recommendations!

Remaining 0% to read
All articles, information, and images displayed on this site are uploaded by registered users (some news/media content is reprinted from network cooperation media) and are for reference only. The intellectual property rights of any content uploaded or published by users through this site belong to the users or the original copyright owners. If we have infringed your copyright, please contact us and we will rectify it within three working days.