Close Menu
Subscribe
Threats and Vulnerabilities Attacks Latest News News & Analysis Threat Intelligence

Ivanti Warns of Active Exploitation of a Vulnerability in Connect Secure

Kirsten DoyleBy 2 Mins Read
connect secure

Organizations are urged to act swiftly to address vulnerabilities impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways by sticking to the latest guidance from the vendor.

Ivanti has released a critical security update addressing these vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283. The fix is now available via Ivanti’s standard download portal.

The company disclosed that a limited number of Ivanti Connect Secure appliances were exploited through CVE-2025-0282 at the time of disclosure. However, it says there is no evidence that the vulnerabilities have been exploited in Ivanti Policy Secure or Neurons for ZTA gateways.

Swift Response and Collaboration

Threat actor activity linked to the exploit was detected using Ivanti’s Integrity Checker Tool (ICT) on the same day it happened. This enabled Ivanti to respond rapidly, develop a fix, and initiate collaboration with affected customers, security partners, and law enforcement agencies.

Ivanti is urging customers to enhance monitoring of both internal and external ICT to safeguard network infrastructure. “We continue to work closely with affected customers, external security partners, and law enforcement agencies as we respond to this threat. We strongly advise all customers to closely monitor their internal and external ICT as a part of a robust and layered approach to cybersecurity to ensure the integrity and security of the entire network infrastructure,” the company saiid.

Customer Support and Resources

To assist with implementing the patch, Ivanti has allocated additional resources and support teams. Comprehensive guidance is available in the security advisory, including instructions for applying the fix and mitigating potential threats.

Customers are encouraged to contact Ivanti’s Support team for assistance through the Success portal, which requires login credentials.

Commitment to Transparency and Security

Ivanti underscored its commitment to transparency and collaboration within the cybersecurity ecosystem. The company thanked customers and security partners for their role in enabling swift detection and resolution of the vulnerabilities.

“This incident serves as a reminder of the importance of continuous monitoring and proactive and layered security measures, particularly for edge devices (such as VPNs), which provide an essential service as the initial access point to a corporate network – but which are also highly appealing to attackers,” Ivanti added.

For real-time updates on Ivanti’s Security Advisories, customers can subscribe to the company’s RSS feed at Ivanti Security Advisory RSS.

About the Author

  • kirsten doyle

    Information Security Buzz News Editor

    Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.

The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share.

Related Posts

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

Working With Us

Write For Us

The Pages