HomeRisk ManagementsIvanti alerts about critical remote code execution vulnerability in Connect Secure being...

Ivanti alerts about critical remote code execution vulnerability in Connect Secure being actively targeted as zero-day exploit

Published on

spot_img

Ivanti, a leading IT software provider, has recently rolled out patches for its Connect Secure SSL VPN appliances to tackle two critical memory corruption vulnerabilities. One of these vulnerabilities, identified as CVE-2025-0282, has been actively exploited in the wild as a zero-day exploit to compromise devices. This particular vulnerability, categorized as a stack-based buffer overflow, has received a critical rating with a CVSS score of 9.0. Notably, this flaw does not require authentication for exploitation and can potentially result in remote code execution. The affected products include Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways.

Furthermore, the second vulnerability uncovered, designated as CVE-2025-0283, is also a stack-based buffer overflow affecting the same products. However, this vulnerability necessitates authentication for exploitation and is limited to privilege escalation. It has been classified as a high severity issue with a CVSS score of 7.0.

In response to these critical vulnerabilities, Ivanti has promptly released patches to address these security concerns and safeguard its customers from potential cyber threats. It is imperative for users of Ivanti’s Connect Secure SSL VPN appliances to apply these patches immediately to mitigate the risk of exploitation and unauthorized access to their systems.

Cybersecurity experts recommend regular software updates and patch installations to ensure the protection of network infrastructure and sensitive data. By staying proactive and maintaining a robust cybersecurity posture, organizations can reduce the likelihood of falling victim to malicious attacks targeting known vulnerabilities. Ivanti’s swift response in releasing patches underscores the importance of timely security measures in combating emerging threats in the digital landscape.

As cyber threats continue to evolve and become more sophisticated, vigilance and proactive risk management are essential for organizations to effectively safeguard their digital assets. By addressing vulnerabilities promptly and implementing security best practices, businesses can enhance their resilience against cyber threats and minimize the potential impact of security incidents.

In conclusion, the swift actions taken by Ivanti to address these critical vulnerabilities demonstrate a commitment to ensuring the security and integrity of their products. Users are strongly urged to prioritize the installation of the provided patches to fortify their defense mechanisms and prevent exploitation by threat actors. By remaining vigilant and proactive in managing cybersecurity risks, organizations can enhance their overall resilience and protect themselves from evolving cyber threats.

Source link

Latest articles

FortiBleed Credential Theft Connected to INC and Lynx Ransomware Activities

The newly uncovered FortiBleed campaign has raised significant security alarms within the cybersecurity community,...

Pegasus Spyware Targets European Parliament Member Investigating Spyware Misuse

A recently unveiled forensic investigation has shed light on a serious breach of privacy...

Qilin Leads the Ransomware Market, According to Infosecurity Magazine

The ransomware ecosystem is undergoing significant transformation, shifting from fragmentation toward a phase of...

New NetScaler Vulnerability Similar to CitrixBleed Under Active Exploitation

Smaller Leak But Still Dangerous: A New Vulnerability in Citrix Technologies In a recent security...

More like this

FortiBleed Credential Theft Connected to INC and Lynx Ransomware Activities

The newly uncovered FortiBleed campaign has raised significant security alarms within the cybersecurity community,...

Pegasus Spyware Targets European Parliament Member Investigating Spyware Misuse

A recently unveiled forensic investigation has shed light on a serious breach of privacy...

Qilin Leads the Ransomware Market, According to Infosecurity Magazine

The ransomware ecosystem is undergoing significant transformation, shifting from fragmentation toward a phase of...