Critical Ivanti Zero-Day Exploited in the Wild


The UK’s National Cyber Security Centre (NCSC) and its US equivalent have urged Ivanti customers to take immediate action to mitigate two new vulnerabilities, one of which is being actively exploited.

Ivanti released a security advisory on Wednesday outlining two stack-based buffer overflow flaws in its Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateway products.

CVE-2025-0282 is a critical zero-day vulnerability with a CVSS score of 9.0 that could lead to unauthenticated remote code execution (RCE), according to the security vendor. It affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2 and Ivanti Neurons for ZTA gateways before version 22.7R2.3.

The second vulnerability, CVE-2025-0283, could allow a local authenticated attacker to escalate privileges, Ivanti warned. It impacts Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3.
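As an added illustration (not from the article or from Ivanti), the following Python inventory check parses Ivanti's major.minorRrelease.patch version strings and flags appliances running anything older than the fixed versions quoted above; the hostnames and versions in the sample inventory are constructed.

```python
from __future__ import annotations
import re

# Minimum fixed versions per product, as stated in Ivanti's advisory for
# CVE-2025-0282 and CVE-2025-0283 (both share the same fixed versions).
FIXED_VERSIONS = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.2",
    "Ivanti Neurons for ZTA gateways": "22.7R2.3",
}

# Ivanti versions look like "22.7R2.5": major.minor, an "R" release, optional patch.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(version: str) -> tuple[int, int, int, int]:
    """Turn '22.7R2.5' into (22, 7, 2, 5); a missing patch ('22.7R2') counts as 0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {version!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_vulnerable(product: str, version: str) -> bool:
    """True if the installed version is older than the advisory's fixed version."""
    if product not in FIXED_VERSIONS:
        raise KeyError(f"product not covered by the advisory: {product!r}")
    return parse_version(version) < parse_version(FIXED_VERSIONS[product])


def triage(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Return the hosts that still need the fix, given (host, product, version) rows."""
    return [host for host, product, version in inventory
            if is_vulnerable(product, version)]


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("vpn-01.example", "Ivanti Connect Secure", "22.7R2.4"),
    ("vpn-02.example", "Ivanti Connect Secure", "22.7R2.5"),
    ("nac-01.example", "Ivanti Policy Secure", "22.7R1.1"),
    ("zta-gw-01.example", "Ivanti Neurons for ZTA gateways", "22.7R2.3"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: update required (CVE-2025-0282 / CVE-2025-0283)")
```

A version check only establishes patch status; it says nothing about whether an appliance was already compromised, which is what Ivanti's Integrity Checker Tool is for.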

The issues were discovered by researchers at Microsoft and Google Mandiant.

“We are aware of a limited number of customers’ Ivanti Connect Secure appliances being exploited by CVE-2025-0282 at the time of disclosure. We are not aware of these CVEs being exploited in Ivanti Policy Secure or ZTA gateways,” the advisory noted.

“We are not aware of any exploitation of CVE-2025-0283 at the time of disclosure.”


Patches are available for both vulnerabilities, but only for the Ivanti Connect Secure product. Users of the other two affected solutions will have to wait until January 21 for a fix, but no in-the-wild exploitation of these products has currently been reported.

Both the NCSC and US Cybersecurity and Infrastructure Security Agency (CISA) offered the same advice, as per Ivanti’s recommendations:

  • Run Ivanti’s Integrity Checker Tool (ICT) to detect exploitation of CVE-2025-0282
  • If compromised, report immediately to the NCSC/CISA
  • Perform a factory reset and install the latest security update for Ivanti Connect Secure
  • Ensure the Ivanti Policy Secure appliance is configured correctly and not exposed to the internet
  • Ivanti Neurons ZTA gateways can’t be exploited when in production. However, if a gateway is generated and left unconnected to a ZTA controller, there’s a risk of exploitation on the gateway
  • Perform continuous monitoring and threat hunting

“The NCSC is working to fully understand the UK impact and investigating cases of active exploitation affecting UK networks,” the agency said.

Almost a year ago, a high-severity authentication bypass vulnerability was discovered in Ivanti Connect Secure, Policy Secure and ZTA gateways.
