HomeRisk ManagementsIvanti alerts about critical remote code execution vulnerability in Connect Secure being...

Ivanti alerts about critical remote code execution vulnerability in Connect Secure being actively targeted as zero-day exploit

Published on

spot_img

Ivanti, a leading IT software provider, has recently rolled out patches for its Connect Secure SSL VPN appliances to tackle two critical memory corruption vulnerabilities. One of these vulnerabilities, identified as CVE-2025-0282, has been actively exploited in the wild as a zero-day exploit to compromise devices. This particular vulnerability, categorized as a stack-based buffer overflow, has received a critical rating with a CVSS score of 9.0. Notably, this flaw does not require authentication for exploitation and can potentially result in remote code execution. The affected products include Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways.

Furthermore, the second vulnerability uncovered, designated as CVE-2025-0283, is also a stack-based buffer overflow affecting the same products. However, this vulnerability necessitates authentication for exploitation and is limited to privilege escalation. It has been classified as a high severity issue with a CVSS score of 7.0.

In response to these critical vulnerabilities, Ivanti has promptly released patches to address these security concerns and safeguard its customers from potential cyber threats. It is imperative for users of Ivanti’s Connect Secure SSL VPN appliances to apply these patches immediately to mitigate the risk of exploitation and unauthorized access to their systems.

Cybersecurity experts recommend regular software updates and patch installations to ensure the protection of network infrastructure and sensitive data. By staying proactive and maintaining a robust cybersecurity posture, organizations can reduce the likelihood of falling victim to malicious attacks targeting known vulnerabilities. Ivanti’s swift response in releasing patches underscores the importance of timely security measures in combating emerging threats in the digital landscape.

As cyber threats continue to evolve and become more sophisticated, vigilance and proactive risk management are essential for organizations to effectively safeguard their digital assets. By addressing vulnerabilities promptly and implementing security best practices, businesses can enhance their resilience against cyber threats and minimize the potential impact of security incidents.

In conclusion, the swift actions taken by Ivanti to address these critical vulnerabilities demonstrate a commitment to ensuring the security and integrity of their products. Users are strongly urged to prioritize the installation of the provided patches to fortify their defense mechanisms and prevent exploitation by threat actors. By remaining vigilant and proactive in managing cybersecurity risks, organizations can enhance their overall resilience and protect themselves from evolving cyber threats.

Source link

Latest articles

Small Practice Owner’s Guide to HIPAA Compliance

Understanding HIPAA Compliance for Small Medical Practice Owners In the realm of healthcare, small medical...

Exploring the Significance of the Name Scattered Spider

Anarchic Western Adolescent Hacking Groups Defy Easy Categorization A recent report from cybersecurity firm Group-IB...

Agentic AI Identity – A Six-Stage Maturity Model for Non-Human Identities

The Current State of Human Identity Governance in Organizations Recent findings from ongoing engagements reveal...

GitLab Addresses 8 Vulnerabilities in CE and EE Installations

GitLab Releases Critical Security Updates Addressing Eight Vulnerabilities Recently, GitLab unveiled significant security updates aimed...

More like this

Small Practice Owner’s Guide to HIPAA Compliance

Understanding HIPAA Compliance for Small Medical Practice Owners In the realm of healthcare, small medical...

Exploring the Significance of the Name Scattered Spider

Anarchic Western Adolescent Hacking Groups Defy Easy Categorization A recent report from cybersecurity firm Group-IB...

Agentic AI Identity – A Six-Stage Maturity Model for Non-Human Identities

The Current State of Human Identity Governance in Organizations Recent findings from ongoing engagements reveal...