Hackers use new Ivanti VPN security hole to break into company networks – Redoma Tech


  • news
  • April 28, 2024

is investigating active exploits in U.K. Turns out this sneaky bug has been making its way into the networks of Ivanti’s corporate clients.

So what’s the deal with this vulnerability, you ask? Well, it’s got the fancy code name CVE-2025-0282 and is labeled as critical. Thankfully, only a small number of customers got caught in the Connect Secure mess.

The good news? A patch is already out for Connect Secure, and fixes for Policy Secure and ZTA Gateways are on the way, set for release on January 21st. Harris stressed the seriousness of it all, especially since these advanced persistent threat attacks are using a zero-day flaw to hit a critical appliance. networks and the U.S. Not cool, right?

The latest vulnerability discovery came to light after Ivanti’s Integrity Checker Tool noticed some shady stuff going down on certain customer devices. While they’re not pointing fingers at any specific baddies, Mandiant’s got their eyes on a China-linked cyberespionage group called UNC5337 and UNC5221 as potential troublemakers.

Security guru Ben Harris from watchTowr Labs dropped TechCrunch a line, saying the fallout from this Ivanti VPN flaw is huge, and customers are scrambling for help. Yikes!

And get this: Connect Secure, Ivanti’s remote-access VPN magic, is hailed as the go-to SSL VPN for businesses big and small, across all kinds of industries. They’re not talking to the TechCrunch folks about it either.

Mandiant, the incident response whizzes who teamed up with Microsoft to uncover the vulnerability, let slip that hackers started milking the Connect Secure zero-day as far back as December 2024. Ivanti spilled the beans that cyber baddies were actively taking advantage of CVE-2025-0282 as a zero-day, meaning the company had zero time to patch it up before the exploit. Cybersecurity and Infrastructure Security Agency (CISA) has flagged the vulnerability on its exploited vulnerabilities radar.

software player, just rang the alarm bells about a fresh zero-day vulnerability found in its super popular enterprise VPN appliance. Just last year, they had a rough time with hackers exploiting vulnerabilities in their products to launch massive attacks on their customers. Ivanti also flagged another vulnerability dubbed CVE-2025-0283, but the silver lining is that no one’s abused it – yet.

As for the culprits behind all this mayhem, Ivanti’s keeping tight-lipped about the number of affected customers and who’s behind the breaches. He’s telling everyone to buckle up and take this seriously.

Across the pond, the National Cyber Security Centre of the U.K. The scary part? Bad actors can exploit it without needing any authentication to slip in some malicious code into Ivanti’s Connect Secure, Policy Secure, and ZTA Gateways products. This isn’t the first time Ivanti’s been hit with security issues. Hey folks, Ivanti, the big U.S
