The National Cyber Security Centre (NCSC) in the UK and its US counterpart have issued urgent warnings to Ivanti customers to address two new vulnerabilities, one of which is already being exploited. Ivanti recently released a security advisory describing two stack-based buffer overflow flaws in its Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateway products.
The first vulnerability, CVE-2025-0282, is considered a critical zero-day vulnerability with a CVSS score of 9.0 that could potentially allow unauthenticated remote code execution (RCE). This vulnerability affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3. The second vulnerability, CVE-2025-0283, could enable a local authenticated attacker to escalate privileges and impacts the same products.
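The affected-version thresholds above are the kind of thing an administrator checks against an appliance inventory before deciding what to patch or isolate. The following is an added example, not Ivanti's tooling or code from the original article: it parses Ivanti's `major.minorR<release>.<patch>` version strings and flags any appliance running a version below the fixed release the article names for its product. The inventory is constructed sample data, and the product names and the `is_affected` / `triage` helpers are assumptions of this example. A version check only tells you whether an appliance needs the update; it does not tell you whether it was already exploited, which is what Ivanti's Integrity Checker Tool is for.

```python
import re
from typing import List, Tuple

# Fixed versions as given in the article: anything "before" these is affected.
FIXED_VERSIONS = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.2",
    "Ivanti Neurons for ZTA gateways": "22.7R2.3",
}

# Ivanti version strings look like 22.7R2.5: major.minor, an "R" release number,
# and an optional patch level. Assumed format for this example.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '22.7R2.5' into (22, 7, 2, 5) so versions compare as tuples."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_affected(product: str, version: str) -> bool:
    """True if the running version is below the fixed version for that product."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        raise KeyError(f"no fixed version known for product {product!r}")
    return parse_version(version) < parse_version(fixed)


# Constructed sample inventory: (hostname, product, running version).
INVENTORY = [
    ("vpn-gw-01", "Ivanti Connect Secure", "22.7R2.4"),
    ("vpn-gw-02", "Ivanti Connect Secure", "22.7R2.5"),
    ("nac-01", "Ivanti Policy Secure", "22.7R1.1"),
    ("zta-01", "Ivanti Neurons for ZTA gateways", "22.7R2.3"),
]


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the inventory entries that still run an affected version."""
    return [
        (host, product, version)
        for host, product, version in inventory
        if is_affected(product, version)
    ]


if __name__ == "__main__":
    for host, product, version in triage(INVENTORY):
        print(f"{host}: {product} {version} is below the fixed version "
              f"{FIXED_VERSIONS[product]}; update or isolate and run the ICT")
```

Tuple comparison handles older branches naturally (a 22.6 release sorts below every 22.7 release), which matches the article's "before version" wording. Note that for Policy Secure and ZTA gateways an "affected" result at the time of the article meant there was no fix yet to install, so the output for those products should drive mitigation and monitoring rather than an update.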
The discovery of these vulnerabilities was credited to researchers at Microsoft and Google Mandiant, with the latter confirming instances of zero-day exploitation of CVE-2025-0282 starting in mid-December 2024. Despite the exploitation of CVE-2025-0282 in some Ivanti Connect Secure appliances, there have been no reported instances of exploitation for Ivanti Policy Secure or ZTA gateways.
Patches for both vulnerabilities have been released, but at present only for Ivanti Connect Secure. Users of Ivanti Policy Secure and Ivanti Neurons for ZTA gateways will have to wait until January 21 for a fix. The NCSC and the US Cybersecurity and Infrastructure Security Agency (CISA) have echoed Ivanti’s recommendations for affected users: run Ivanti’s Integrity Checker Tool (ICT) to identify exploitation, report compromised systems to the authorities, perform a factory reset where necessary, and install the latest security updates.
The NCSC has been proactive in investigating the potential impact of these vulnerabilities on UK networks, emphasizing the importance of continuous monitoring and threat hunting to mitigate risks. It is crucial for Ivanti customers to take immediate action to secure their systems and prevent further exploitation.
It is worth noting that nearly a year ago, a significant authentication bypass vulnerability was discovered in Ivanti’s Connect Secure, Policy Secure, and ZTA gateways, underscoring the ongoing importance of robust cybersecurity practices and timely updates. In today’s ever-evolving threat landscape, staying vigilant and promptly addressing vulnerabilities is paramount to safeguarding sensitive information and maintaining a secure digital environment.