CISA Urges All Organizations to Patch Exploited Critical Ivanti Flaws

Three critical vulnerabilities in Ivanti software have recently been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog.
In a new security advisory published on March 10, CISA added five new flaws to its KEV catalog, three of which affect Ivanti’s Endpoint Management.
This means the agency has observed exploitation of these vulnerabilities in the wild.
All three, CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161, are absolute path traversal vulnerabilities allowing a remote unauthenticated attacker to leak sensitive information.
They are all critical, with a CVSS base score of 9.8 each.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in the advisory.
Although CISA’s KEV is primarily designed for US federal agencies, the cybersecurity authority “urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation.”
Ivanti Vulnerability Exploitations in 2025
This is not the first time in 2025 that Ivanti vulnerabilities have been exploited in the wild.
In early January, Microsoft and Google Cloud’s Mandiant detected exploitation of CVE-2025-0282, a critical vulnerability affecting Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways.
In late January, CISA and the FBI warned that threat actors were actively exploiting chained vulnerabilities – CVE-2024-8963, CVE-2024-9379, CVE-2024-8190 and CVE-2024-9380 – in Ivanti Cloud Service Appliances.
VeraCore Flaws Added to CISA KEV
In the March 10 advisory, CISA also warned that two other vulnerabilities, both affecting VeraCore products, are being exploited in the wild.
The first, CVE-2024-57968, is an unrestricted file upload vulnerability affecting Advantive VeraCore. By exploiting it, an attacker can remotely upload files to unintended folders, such as those accessible during web browsing by other users. It is a critical vulnerability, with a CVSS base score of 9.9.
The second, CVE-2025-25181, is an SQL injection flaw that also affects Advantive VeraCore, allowing remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. It is a medium-severity flaw, with a CVSS base score of 5.8.