Vulnerability Exploits

Ivanti warns of new Connect Secure flaw used in zero-day attacks

The latest news on the Ivanti Connect Secure vulnerability involves a zero-day attack that was recently disclosed and addressed by Ivanti. Here are the key highlights:

Vulnerability Disclosure:
- Ivanti has disclosed two vulnerabilities affecting its Connect Secure, Policy Secure, and Neurons for Zero Trust Access (ZTA) gateways1 4.
- The vulnerabilities are stack-based buffer overflows, with CVE-2025-0282 being a remotely exploitable code execution flaw and CVE-2025-0283 allowing a local authenticated attacker to escalate privileges1 4.
In-the-Wild Exploitation:
- Ivanti has confirmed that CVE-2025-0282 has been exploited in the wild, affecting a "limited number" of customers' Ivanti Connect Secure appliances1 4.
- There is no indication that CVE-2025-0283 has been exploited or chained with CVE-2025-02821.
Patch Availability:
- Patches are available for supported versions of Ivanti Connect Secure, with updates for Policy Secure and Neurons for ZTA gateways expected on January 21, 20251 4.
- Ivanti recommends using the Integrity Checker Tool (ICT) to verify if the image installed on Connect Secure appliances has been modified. If changes are detected, customers should perform a factory reset and update to the fixed version (v22.7R2.5)1 4.
Impact on Cybersecurity:
- The exploitation of these vulnerabilities highlights the ongoing threat of zero-day attacks and the importance of timely patching and vulnerability management in maintaining robust cybersecurity1 4.
- Ivanti's prompt response and collaboration with security firms like Google’s Mandiant and Microsoft’s Threat Intelligence Center demonstrate the company's commitment to addressing such threats effectively1.

In summary, the recent zero-day attack on Ivanti Connect Secure underscores the need for continuous vigilance and swift action in addressing emerging vulnerabilities to ensure the integrity of cybersecurity systems.

Unpatched critical flaws impact Fancy Product Designer WordPress plugin

Latest News on Fancy Product Designer WordPress Vulnerabilities Critical Flaws in Fancy Product Designer Plugin: The Fancy Product Designer WordPress plugin, developed by Radykal, has been identified with two critical severity flaws that remain unfixed in the current latest version4. These vulnerabilities include: 1. SQL Injection: The plugin is vulnerable

Ivanti warns of new Connect Secure flaw used in zero-day attacks - BleepingComputer

Ivanti has recently issued a warning about a new zero-day vulnerability in its Connect Secure product, which has been exploited by hackers to install malware on appliances. Here are the key details: Key Highlights: 1. Vulnerability Details: * The vulnerability, tracked as CVE-2025-0282, is a critical (CVSS 9.0) stack-based buffer

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) - Help Net Security

As of January 8, 2025, there is no specific information available on a CVE-2025-0282 exploit for Ivanti Connect Secure. However, there have been recent reports and advisories regarding Ivanti's vulnerabilities, particularly in the context of zero-day exploits and remote code execution. Key Points: 1. Ivanti Vulnerabilities: In 2024,

Read next