Pierluigi Paganini
January 09, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure Vulnerability, tracked as CVE-2025-0282 (CVSS score: 9.0) to its Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability Ivanti impacted Ivanti Connect Secure, Policy Secure and ZTA Gateways. An unauthenticated attacker can exploit the flaw to achieve remote code execution. A local authenticated attacker can trigger the vulnerability to escalate privileges.
“Ivanti has released an update that addresses one critical and one high vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways. Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code execution.” reads the advisory. “CVE-2025-0283 could allow a local authenticated attacker to escalate privileges.”
The company knows that the vulnerability was exploited in attacks against a limited number of customers.
“We are aware of a limited number of customers’ Ivanti Connect Secure appliances being exploited by CVE-2025-0282 at the time of disclosure.” continues the advisory. “We are not aware of these CVEs being exploited in Ivanti Policy Secure or ZTA gateways.”
Ivanti addressed a high-severity flaw, tracked as CVE-2025-0283 (CVSS score: 7.0), that allows a local authenticated attacker to escalate privileges.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
CISA orders federal agencies to fix this vulnerability by January 15, 2025.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISA Known Exploited Vulnerabilities catalog)
