Summary: Ivanti has reported that hackers exploited a critical remote code execution vulnerability (CVE-2025-0282) in Ivanti Connect Secure appliances to install malware. The company has released patches for the affected products and is investigating the incidents with cybersecurity partners.
Threat Actor: Unknown
Victim: Ivanti Connect Secure
Key Points:
- CVE-2025-0282 and CVE-2025-0283 were identified, with CVE-2025-0282 being actively exploited.
- Security patches have been released for Ivanti Connect Secure, while fixes for other products are expected by January 21, 2025.
- Ivanti recommends performing internal and external scans and factory resets for compromised appliances.
- Ongoing investigations are being conducted in collaboration with Mandiant and Microsoft Threat Intelligence Center.