Ivanti’s Zero-Day Vulnerability Exposes Corporate Networks: What You Need to Know
Imagine this: a vulnerability in a widely used VPN system, allowing cybercriminals to sneak into corporate networks without any invitation. That’s the unsettling reality U.S. software giant Ivanti is facing with its enterprise VPN appliance. The vulnerability, labeled CVE-2025-0282, has been actively exploited, putting many corporate networks at risk.
Ivanti’s Connect Secure is touted as the most adopted SSL VPN across industries. But now, this critical flaw allows attackers to remotely inject malicious code into Ivanti’s Connect Secure, Policy Secure, and ZTA Gateways products, all without needing authentication. This isn’t the first time Ivanti has been in the spotlight for security issues; the company has been grappling with similar challenges over recent years.
- The vulnerability was flagged by Ivanti’s Integrity Checker Tool (ICT), which detected unusual activities on customer devices.
- A patch for Connect Secure is now available, but fixes for Policy Secure and ZTA Gateways are expected by January 21.
- A second vulnerability, CVE-2025-0283, was also discovered but hasn’t been exploited yet.
“This has all the hallmarks of an advanced persistent threat using a zero-day against a mission-critical appliance,” cautions Ben Harris, CEO of security research firm WatchTowr Labs. “Please take this seriously.”
The cybersecurity community is on high alert. Incident response firm Mandiant discovered these vulnerabilities alongside Microsoft researchers. They’ve noted that hackers have been exploiting the Connect Secure zero-day since mid-December 2024. Although specific threat actors haven’t been pinpointed, there’s suspicion of involvement from a China-linked cyberespionage group tracked as UNC5337 and UNC5221.
Both the U.K.’s National Cyber Security Centre and the U.S. cybersecurity agency CISA have issued warnings about this vulnerability. It’s crucial for affected organizations to act promptly and patch their systems to mitigate further risks.
In conclusion, if your organization relies on Ivanti’s VPN solutions, ensure you’re updated with the latest patches and maintain vigilance. Cybersecurity isn’t just a technical issue—it’s a mission-critical priority that requires immediate attention.