Full Report
Ivanti released an advisory and a corresponding blog post about two bugs, CVE-2025-0282 and CVE-2025-0283, and warned that some customers have already seen CVE-2025-0282 exploited in their environments.
Analysis Summary
# Vulnerability: Ivanti Connect Secure, Policy Secure, and ZTA Gateway Flaws, with Active Exploitation Reported
## CVE Details
- CVE ID: CVE-2025-0282, CVE-2025-0283
- CVSS Score: Not explicitly stated in the text. (Severity estimated as **High** due to active exploitation warning)
- CWE: Not specified in the text.
## Affected Systems
- Products: Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Neurons for ZTA Gateways
- Versions: Not specified.
- Configurations: Devices running the affected products, particularly those exposed to the internet.
## Vulnerability Description
Two distinct vulnerabilities (CVE-2025-0282 and CVE-2025-0283) affect Ivanti's gateway products used widely by government and international entities. CVE-2025-0282 is confirmed to be under active exploitation in customer environments. The text implies these flaws provide unauthorized access or compromise the integrity of the edge devices (VPNs/Gateways).
## Exploitation
- Status: **CVE-2025-0282 is actively exploited in the wild.** No exploitation of CVE-2025-0283 is detailed; Ivanti was not aware of any at the time of disclosure.
- Complexity: Not explicitly stated, but exploitation is occurring.
- Attack Vector: Implied **Network** (as these are remote access gateways often exposed to the internet).
## Impact
- Confidentiality: **High potential** (Implied through compromise of initial network access point).
- Integrity: **High potential**.
- Availability: **High potential**.
## Remediation
### Patches
- **CVE-2025-0282 (Connect Secure):** A patch is currently available. Customers should upgrade to the latest version after verifying their systems using the Integrity Checker Tool (ICT).
- **CVE-2025-0283 (Policy Secure & ZTA Gateways):** Patches are slated for release on **January 21**.
### Workarounds
1. **Do not expose any affected devices directly to the internet.**
2. Customers who run the **Integrity Checker Tool (ICT)** and find no evidence of exploitation can safely upgrade to the latest patched version.
3. If exploitation is found: **Perform a factory reset** on the appliance to ensure malware removal.
## Detection
- **Indicators of Compromise (IoCs):** Not detailed in the provided text, but customers are urged to use the **Integrity Checker Tool (ICT)** provided by Ivanti.
- **Detection Methods and Tools:** Ivanti’s **Integrity Checker Tool (ICT)** is available for checking if an appliance has been attacked. Continuous monitoring is strongly recommended.
## References
- Vendor Advisory: forums[dot]ivanti[dot]com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US
- Vendor Blog: www[dot]ivanti[dot]com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
- NCSC Advisory: ncsc[dot]gov[dot]uk/news/active-exploitation-ivanti-vulnerabilities