The vulnerability was flagged by Ivanti’s Integrity Checker Tool (ICT) after detecting malicious activity on customer appliances. Ivanti confirmed that a “limited number of customers” have already been affected. Although a patch for Connect Secure is available, updates for Policy Secure and ZTA Gateways are expected by January 21. Additionally, Ivanti has revealed a second vulnerability, CVE-2025-0283, though it has not yet been exploited.
The cybersecurity firm Mandiant, which uncovered the exploit with Microsoft researchers, believes the attack may be linked to a China-based cyberespionage group tracked as UNC5337 and UNC5221. This same group was associated with previous zero-day exploits targeting Ivanti products in 2024. Mandiant noted that the zero-day vulnerability was likely exploited as early as mid-December 2024.
Ben Harris, CEO of watchTowr Labs, described the incident as having the hallmarks of an advanced persistent threat (APT) targeting mission-critical systems. Harris emphasized the urgency of addressing the vulnerability, noting its widespread impact on affected organizations.
The vulnerability has prompted responses from international cybersecurity agencies, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.'s National Cyber Security Centre (NCSC). Both agencies have issued advisories and are actively investigating cases of exploitation in their respective regions. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, further highlighting its severity.
Ivanti continues to work on securing its systems and urges customers to apply the available patch for Connect Secure immediately. The company is also advising enhanced monitoring and proactive measures to mitigate risks associated with this critical vulnerability.
Source: TechCrunch