IT software vendor Ivanti reported on Wednesday that hackers have exploited a new vulnerability, affecting several of its customers. The company issued an advisory and a corresponding blog post detailing two bugs, CVE-2025-0282 and CVE-2025-0283, and cautioned that CVE-2025-0282 has already been exploited in some customer environments.
The vulnerabilities affect Ivanti’s Connect Secure, Policy Secure, and ZTA Gateways products, which are extensively used by local and federal government agencies in the U.S. and internationally. According to Ivanti, a limited number of customers using Connect Secure appliances have fallen victim to CVE-2025-0282, although there have been no reported instances of exploitation in Ivanti Policy Secure or Neurons for ZTA gateways. Fortunately, no exploitation of CVE-2025-0283 has been observed.
A patch is currently available for Connect Secure, while patches for Policy Secure and ZTA Gateway are expected to be released on January 21. The U.K.’s National Cyber Security Centre (NCSC) also issued its own advisory about the active exploitation of these vulnerabilities.
Customers are advised to run the Integrity Checker Tool (ICT) to check for signs of attack and, if no exploitation is detected, upgrade to the latest software version. If exploitation is detected, customers should perform a factory reset on the appliance to eliminate any malware. Ivanti has urged customers to avoid exposing their devices to the internet, in line with previous warnings from federal cybersecurity agencies against such practices.
The bugs were initially discovered by cybersecurity firm Mandiant and security experts at Microsoft. In response to the threat, Ivanti is collaborating with affected customers, external security partners, and law enforcement agencies to address the issue.
The incident underscores the importance of continuous monitoring and proactive security measures, particularly for edge devices like VPNs that serve as the initial access point to corporate networks and are prime targets for attackers. Ivanti plans to provide additional information about threat actor activity to impacted customers.
Following a series of high-profile attacks on government agencies in the U.S. and Europe utilizing vulnerabilities in Ivanti products, the company pledged a security overhaul last April. By September, U.S. cybersecurity authorities recommended that federal agencies either remove or upgrade outdated Ivanti appliances that had been exploited in previous attacks.
In conclusion, Ivanti is actively working to address the exploitation of these vulnerabilities and enhance the security of its products to safeguard customers against malicious cyber threats. Customers are advised to stay vigilant, apply necessary patches, and follow best practices for securing their IT infrastructure.