Summary: Ivanti has disclosed two critical vulnerabilities in its enterprise products, with one already being exploited in the wild. The vulnerabilities, CVE-2025-0282 and CVE-2025-0283, allow remote code execution and privilege escalation attacks, respectively.
Threat Actor: Unspecified | Unspecified
Victim: Ivanti | Ivanti
Key Point :
- Two vulnerabilities, CVE-2025-0282 (critical) and CVE-2025-0283 (high), have been identified in Ivanti’s products.
- CVE-2025-0282 allows unauthenticated remote code execution, while CVE-2025-0283 enables local privilege escalation.
- Ivanti recommends immediate upgrades and monitoring of internal and external ICT for signs of compromise.
- A factory reset is advised for affected appliances before deploying the patched version.
Source: https://www.securityweek.com/ivanti-warns-of-new-zero-day-attacks-hitting-connect-secure-product/