Organizations are urged to act swiftly to address vulnerabilities impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways by sticking to the latest guidance from the vendor.
Ivanti has released a critical security update addressing these vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283. The fix is now available via Ivanti’s standard download portal.
The company disclosed that a limited number of Ivanti Connect Secure appliances were exploited through CVE-2025-0282 at the time of disclosure. However, it says there is no evidence that the vulnerabilities have been exploited in Ivanti Policy Secure or Neurons for ZTA gateways.
Swift Response and Collaboration
Threat actor activity linked to the exploit was detected using Ivanti’s Integrity Checker Tool (ICT) on the same day it happened. This enabled Ivanti to respond rapidly, develop a fix, and initiate collaboration with affected customers, security partners, and law enforcement agencies.
Ivanti is urging customers to enhance monitoring of both internal and external ICT to safeguard network infrastructure. “We continue to work closely with affected customers, external security partners, and law enforcement agencies as we respond to this threat. We strongly advise all customers to closely monitor their internal and external ICT as a part of a robust and layered approach to cybersecurity to ensure the integrity and security of the entire network infrastructure,” the company saiid.
Customer Support and Resources
To assist with implementing the patch, Ivanti has allocated additional resources and support teams. Comprehensive guidance is available in the security advisory, including instructions for applying the fix and mitigating potential threats.
Customers are encouraged to contact Ivanti’s Support team for assistance through the Success portal, which requires login credentials.
Commitment to Transparency and Security
Ivanti underscored its commitment to transparency and collaboration within the cybersecurity ecosystem. The company thanked customers and security partners for their role in enabling swift detection and resolution of the vulnerabilities.
“This incident serves as a reminder of the importance of continuous monitoring and proactive and layered security measures, particularly for edge devices (such as VPNs), which provide an essential service as the initial access point to a corporate network – but which are also highly appealing to attackers,” Ivanti added.
For real-time updates on Ivanti’s Security Advisories, customers can subscribe to the company’s RSS feed at Ivanti Security Advisory RSS.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.