Skip to main content
Customer Support Customer Support

Ivanti warns hackers are exploiting new vulnerability

  • January 8, 2025
  • 1 reply
  • 8 views
Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54

 

January 8, 2025 By Jonathan Greig

 

IT software vendor Ivanti said Wednesday that multiple customers have been affected by a new vulnerability being exploited by hackers. 

The company released an advisory and a corresponding blog about two bugs — CVE-2025-0282 and CVE-2025-0283 — and warned that some customers have already seen CVE-2025-0282 exploited in their environments.

The bugs affect the company’s Connect Secure, Policy Secure and ZTA Gateways products — all of which are used widely across local and federal government agencies in the U.S. as well as internationally. 

“We are aware of a limited number of customers’ Ivanti Connect Secure appliances which have been exploited by CVE-2025-0282 at the time of disclosure. We are not aware of these CVEs being exploited in Ivanti Policy Secure or Neurons for ZTA gateways,” Ivanti said in a statement, adding that it has not seen exploitation of CVE-2025-0283.

 

>>Full Article<<

    D
    1 person likes this
    • D
      Dirty_White_Hat

    1 reply

    Jasper_The_Rasper
    Moderator
    Forum|alt.badge.img+54

    Chinese spies targeting new Ivanti vulnerability, Mandiant says

     

    January 9, 2025 By Jonathan Greig

     

    A newly publicized vulnerability in popular products from tech company Ivanti is being exploited by China-based espionage threat actors, according to Google-owned cybersecurity firm Mandiant.

    Mandiant published a blog post detailing its examination of CVE-2025-0282 — a vulnerability Ivanti announced on Wednesday that affects the company’s popular Connect Secure VPN appliance. 

    On Wednesday night, the leading U.S. cybersecurity agency ordered all federal civilian agencies to patch the vulnerability by January 15 — the shortest time frame it has ever issued since creating its Known Exploited Vulnerabilities Catalog.

    Experts at Mandiant attributed exploitation of the bug to China-based hackers because the malware seen in attacks has only ever been used by Chinese campaigns exploiting Ivanti Connect Secure appliances. 

     

    >>Full Article<<

    Jasper_The_Rasper
    1 person likes this
    • Jasper_The_Rasper
      Jasper_The_Rasper

    Reply


    Terms & Conditions