Ivanti warns of new Connect Secure flaw used in zero-day attacks - BleepingComputer

Ivanti has issued a warning about a new zero-day vulnerability in its Connect Secure product, which attackers have exploited to install malware on appliances. The key details are:

Key Highlights:

  1. Vulnerability Details:
    • The vulnerability, tracked as CVE-2025-0282, is a critical (CVSS 9.0) stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3135.
    • The flaw allows an unauthenticated attacker to remotely execute code on affected devices [1][5].
  2. Exploitation and Impact:
    • Ivanti has confirmed that a limited number of customers' Ivanti Connect Secure appliances had been compromised via CVE-2025-0282 at the time of disclosure [1][3][5].
    • No exploitation has been observed against Ivanti Policy Secure or Neurons for ZTA Gateways [1][3][5].
  3. Mitigation and Patches:
    • The fix for Ivanti Connect Secure is available in firmware version 22.7R2.5 [1][3][5].
    • Patches for Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways are expected on January 21, 2025 [1][3][5].
    • Ivanti recommends running internal and external Integrity Checker Tool (ICT) scans and, if compromise is found, factory resetting the appliance before upgrading to the latest version [1][3][5].
  4. Additional Vulnerability:
    • Ivanti also disclosed a second vulnerability, CVE-2025-0283, rated 7.0 on the CVSS scale: a stack-based buffer overflow that allows an authenticated local attacker to escalate privileges [5].
    • No exploitation of CVE-2025-0283 had been reported as of the disclosure date [5].
  5. Recommendations and Monitoring:
    • Ivanti advises all customers to closely monitor their internal and external ICT results as part of a layered approach to securing the network infrastructure [5].
    • The company urges customers not to expose the management interfaces of these devices to the internet, a recommendation also made by federal cybersecurity agencies [3].
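The summary above gives one fixed version per product, so the first defensive step is an inventory pass that flags every appliance running an older build. The following Python script is an added example, not code from BleepingComputer or Ivanti: it parses Ivanti-style version strings (major.minor R release . build) into comparable tuples and classifies a constructed sample inventory against the "before version X" thresholds stated on this page. The product names used as table keys, the hostnames and the versions in the sample are assumptions made for illustration. A version comparison only says which appliances need attention; per the advisory, whether a factory reset is needed depends on ICT scan results, not on the version number.

```python
import re
from typing import Iterable, List, Tuple

# Fixed versions as stated in the advisory summary above: builds strictly
# below these carry CVE-2025-0282. The product-name keys are chosen here.
FIXED_VERSIONS = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.2",
    "Ivanti Neurons for ZTA gateways": "22.7R2.3135",
}

# Ivanti-style version string: <major>.<minor>R<release>[.<build>]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Convert '22.7R2.5' into (22, 7, 2, 5) so versions compare numerically.

    A missing build component compares as 0, so '22.7R2' sorts before
    '22.7R2.1'. Raises ValueError for strings that do not match the format
    rather than silently treating them as patched.
    """
    match = _VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognised Ivanti version string: {version!r}")
    major, minor, release, build = match.groups()
    return (int(major), int(minor), int(release), int(build or 0))


def is_affected(product: str, version: str) -> bool:
    """True when the installed build is below the fixed version for the product."""
    return parse_version(version) < parse_version(FIXED_VERSIONS[product])


def assess_inventory(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Classify each (hostname, product, version) record.

    Returns (hostname, status) pairs where status is one of:
      'affected'  - below the fixed version: run ICT scans, then upgrade
      'patched'   - at or above the fixed version
      'unknown'   - product not in the table or unparseable version string
    Unknown entries are reported rather than dropped so nothing slips
    through an inventory review unnoticed.
    """
    results: List[Tuple[str, str]] = []
    for hostname, product, version in inventory:
        if product not in FIXED_VERSIONS:
            results.append((hostname, "unknown"))
            continue
        try:
            affected = is_affected(product, version)
        except ValueError:
            results.append((hostname, "unknown"))
            continue
        results.append((hostname, "affected" if affected else "patched"))
    return results


# Constructed sample inventory: hostnames and versions are invented for illustration.
SAMPLE_INVENTORY = [
    ("vpn-gw-01", "Ivanti Connect Secure", "22.7R2.4"),
    ("vpn-gw-02", "Ivanti Connect Secure", "22.7R2.5"),
    ("vpn-gw-03", "Ivanti Connect Secure", "22.6R2.3"),
    ("nac-01", "Ivanti Policy Secure", "22.7R1.1"),
    ("zta-01", "Ivanti Neurons for ZTA gateways", "22.7R2.3135"),
    ("zta-02", "Ivanti Neurons for ZTA gateways", "22.7R2.3134"),
    ("legacy-01", "Ivanti Connect Secure", "build-unknown"),
]

if __name__ == "__main__":
    for hostname, status in assess_inventory(SAMPLE_INVENTORY):
        print(f"{hostname:12} {status}")
```

The comparison is tuple-wise, so an older branch such as 22.6R2.x is reported as affected exactly as the "before version 22.7R2.5" wording implies; if a vendor matrix later lists separate fixed builds per branch, the table is the only thing that needs changing.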

Detailed Context:

Ivanti's warning comes after the company became aware of the vulnerabilities through its Integrity Checker Tool (ICT), which detected malicious activity on customers' appliances. The company is working with Mandiant and the Microsoft Threat Intelligence Center to investigate the attacks and to provide affected customers with more information about the threat actor activity [1][3].

Trustworthy Citations:

  • [1] BleepingComputer: "Ivanti warns of new Connect Secure flaw used in zero-day attacks"
  • [3] The Record: "Ivanti warns hackers are exploiting new vulnerability"
  • [5] Security Online: "CVE-2025-0282 (CVSS 9.0): Ivanti Confirms Active Exploitation of Critical Flaw"

These sources cover the Ivanti Connect Secure zero-day vulnerability and the associated security risks in more detail.