
Latest Patch Resolves Critical Vulnerabilities in Ivanti

Ivanti, a prominent cybersecurity company, has taken swift action to address two critical vulnerabilities in its Ivanti Connect Secure, Policy Secure, and ZTA Gateways products. The vulnerabilities, known as CVE-2025-0282 and CVE-2025-0283, have the potential to expose users to serious security risks, including remote code execution and privilege escalation.

The first vulnerability, CVE-2025-0282, is classified as critical. It is a stack-based buffer overflow that allows a remote unauthenticated attacker to execute arbitrary code on affected systems. This vulnerability poses a significant threat because it can be exploited remotely without authentication.

CVE-2025-0283, rated as high severity, is also a stack-based buffer overflow in the Ivanti products. This vulnerability enables a local authenticated attacker to escalate their privileges, potentially gaining unauthorized access to the system.

Ivanti has promptly released patches to address these vulnerabilities and urges all customers to apply the updates immediately to prevent any exploitation. The company also recommends using the Integrity Checker Tool (ICT) to scan for signs of compromise related to CVE-2025-0282 and ensure the integrity of network infrastructure.

Affected products and versions include Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA Gateways in specific version ranges. Users are advised to apply the relevant patches as soon as possible to secure their environments. While the fix for CVE-2025-0282 and CVE-2025-0283 is already available for Ivanti Connect Secure, patches for Policy Secure and ZTA Gateways are expected to be released by January 21, 2025.

In terms of mitigation strategies, Ivanti provides detailed recommendations for users of each affected product. For instance, Ivanti Connect Secure users are advised to perform a clean ICT scan and upgrade to the latest version, while Policy Secure users should avoid exposing their appliance to the internet and apply the forthcoming patch. ZTA Gateways users are encouraged to connect their gateways to the ZTA controller to minimize exploitation risks.

Additionally, Ivanti has updated its Integrity Checker Tool to work with all relevant versions and help users detect signs of exploitation post-patching. The tool plays a crucial role in ensuring systems are secure and free from malicious activity.

In conclusion, Ivanti’s proactive response to these vulnerabilities underscores the importance of timely patching and continuous monitoring to mitigate the risk of security breaches. By combining patch management with a robust cybersecurity approach, organizations can strengthen their defenses and stay ahead of potential threats. Stay alert, stay secure.
