Rapid response · 1 MIN READ · AARON WALTON · JAN 8, 2025 · TAGS: tech stack
TL;DR
- Ivanti disclosed a zero-day vulnerability (CVE-2025-0282) for some of its products.
- Attackers are actively exploiting it to execute unauthenticated remote code.
- Ivanti has released an update and recommends customers apply it immediately.
What happened?
Ivanti disclosed a zero-day vulnerability today (January 8, 2025) that affects multiple products:
- Ivanti Connect Secure
- Ivanti Policy Secure
- Ivanti Neurons for ZTA Gateways
This zero-day (CVE-2025-0282) has a CVSS score of 9.0 (Critical), and can allow attackers to execute unauthenticated remote code.
What should you do right now?
Ivanti has released a patch, which customers can download from the Ivanti Licensing Portal. The company recommends that users apply the patch to affected appliances as soon as possible.
You can read more about this vulnerability from Ivanti’s own security advisory.
In the meantime, Expel is monitoring customer environments for evidence of exploitation.
Why does it matter?
Waiting to take immediate action could result in attacker exploitation. Patching the vulnerability will require work from your team, and it’s important you apply the patch in a timely manner. Don’t wait!
What’s next?
We’ll update this post with big developments, but if you or your team have any additional questions regarding this vulnerability, or information regarding signs of exploitation, please reach out to us.