HomeRisk ManagementsIvanti alerts about critical remote code execution vulnerability in Connect Secure being...

Ivanti alerts about critical remote code execution vulnerability in Connect Secure being actively targeted as zero-day exploit

Published on

spot_img

Ivanti, a leading IT software provider, has recently rolled out patches for its Connect Secure SSL VPN appliances to tackle two critical memory corruption vulnerabilities. One of these vulnerabilities, identified as CVE-2025-0282, has been actively exploited in the wild as a zero-day exploit to compromise devices. This particular vulnerability, categorized as a stack-based buffer overflow, has received a critical rating with a CVSS score of 9.0. Notably, this flaw does not require authentication for exploitation and can potentially result in remote code execution. The affected products include Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways.

Furthermore, the second vulnerability uncovered, designated as CVE-2025-0283, is also a stack-based buffer overflow affecting the same products. However, this vulnerability necessitates authentication for exploitation and is limited to privilege escalation. It has been classified as a high severity issue with a CVSS score of 7.0.

In response to these critical vulnerabilities, Ivanti has promptly released patches to address these security concerns and safeguard its customers from potential cyber threats. It is imperative for users of Ivanti’s Connect Secure SSL VPN appliances to apply these patches immediately to mitigate the risk of exploitation and unauthorized access to their systems.

Cybersecurity experts recommend regular software updates and patch installations to ensure the protection of network infrastructure and sensitive data. By staying proactive and maintaining a robust cybersecurity posture, organizations can reduce the likelihood of falling victim to malicious attacks targeting known vulnerabilities. Ivanti’s swift response in releasing patches underscores the importance of timely security measures in combating emerging threats in the digital landscape.

As cyber threats continue to evolve and become more sophisticated, vigilance and proactive risk management are essential for organizations to effectively safeguard their digital assets. By addressing vulnerabilities promptly and implementing security best practices, businesses can enhance their resilience against cyber threats and minimize the potential impact of security incidents.

In conclusion, the swift actions taken by Ivanti to address these critical vulnerabilities demonstrate a commitment to ensuring the security and integrity of their products. Users are strongly urged to prioritize the installation of the provided patches to fortify their defense mechanisms and prevent exploitation by threat actors. By remaining vigilant and proactive in managing cybersecurity risks, organizations can enhance their overall resilience and protect themselves from evolving cyber threats.

Source link

Latest articles

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

Why AI in Healthcare Requires Enhanced Data Oversight

Attorney Jordan Cohen of Akerman Addresses AI Challenges in Healthcare In a rapidly evolving landscape...

When 80,000 Fans Log On at Once: Unique Cybersecurity Issues of the 2026 World Cup

In light of the imminent 2026 World Cup, which will unfold across sixteen cities...

NPM Ecosystem Faces Two New Supply Chain Compromises

Malicious Code Discovered in npm Packages: A Growing Threat In a troubling development within the...

More like this

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

Why AI in Healthcare Requires Enhanced Data Oversight

Attorney Jordan Cohen of Akerman Addresses AI Challenges in Healthcare In a rapidly evolving landscape...

When 80,000 Fans Log On at Once: Unique Cybersecurity Issues of the 2026 World Cup

In light of the imminent 2026 World Cup, which will unfold across sixteen cities...