Published on: 09 January 2025
Ivanti has released a security advisory to address multiple vulnerabilities in Ivanti products. Detailed information about the vulnerabilities can be found at:
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283
Reports indicated that the remote code execution vulnerability (CVE-2025-0282) in Ivanti Connect Secure is being exploited in the wild. System administrators are advised to apply the latest security patches provided by Ivanti to mitigate the elevated risk of cyber attacks.
Please note that older unsupported and End-Of-Life (EOL) versions are also vulnerable with no security updates provided. System administrators should arrange to upgrade the unsupported and EOL versions to supported versions or migrate to other supported technology.
For detailed information of the affected systems, please refer to the corresponding security advisories at vendor's website.
Successful exploitation of the vulnerabilities could lead to remote code execution or elevation of privilege on an affected system.
Patches for Ivanti Connect Secure is now available. System administrators should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
Patches for Ivanti Policy Secure and Neurons for ZTA gateways are not yet available for download and are planned for release on 21 January 2025. System administrators should keep abreast of the Ivanti website for the availability of patches, and apply the patches when available.