Summary: Palo Alto Networks has issued a threat briefing on two critical vulnerabilities in Ivanti products, CVE-2025-0282 and CVE-2025-0283, which could allow attackers to execute remote code and escalate privileges. The vulnerabilities affect Ivanti’s Connect Secure, Policy Secure, and ZTA gateway appliances, widely used for remote network connections. Immediate patching is recommended to mitigate risks associated with these vulnerabilities.
Threat Actor: Unknown
Victim: Ivanti
Key points:
- CVE-2025-0282 allows unauthenticated attackers to achieve remote code execution on vulnerable Ivanti appliances.
- CVE-2025-0283 enables local authenticated attackers to escalate privileges, though no active exploitation has been observed.
- Attackers have utilized a custom Perl script and various tools to exploit these vulnerabilities and maintain persistent access.
- Ivanti has released patches and recommends immediate updates to affected systems to mitigate risks.