Multiple vulnerabilities in Ivanti products could lead to remote code execution. The most critical vulnerability affects Ivanti Connect Secure, with active exploitation reported. Affected: Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Neurons for ZTA gateways.
Key points:
- Multiple vulnerabilities discovered in Ivanti products.
- Most severe vulnerability allows for remote code execution.
- Ivanti Endpoint Manager is client-based unified endpoint management software.
- Active exploitation of CVE-2025-0282 affecting Ivanti Connect Secure has been reported.
- Recommendations include applying updates and maintaining a vulnerability management process.
MITRE Techniques:
- Tactic: Initial Access (TA0001): Technique: Exploit Public-Facing Application (T1190): A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5 allows a remote unauthenticated attacker to achieve remote code execution. (CVE-2025-0282)
- A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5 allows a local authenticated attacker to escalate their privileges. (CVE-2025-0283)
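A triage sketch for the version bound quoted above, added here as an example and not taken from the advisory or from Ivanti: it sorts an inventory of Ivanti Connect Secure version strings into those below 22.7R2.5, those at or above it, and those that need manual review. The `<major>.<minor>R<release>[.<patch>]` layout, the host names and the sample versions are assumptions constructed for illustration.

```python
import re

# Fixed Ivanti Connect Secure release as stated in the text above.
FIXED_ICS = "22.7R2.5"

# Assumed layout: <major>.<minor>R<release>[.<patch>], e.g. "22.7R2.5".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, release, patch), or None if the string does not match."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, release, patch = m.groups()
    # A missing patch component is treated as 0, so "22.7R2" sorts before "22.7R2.5".
    return (int(major), int(minor), int(release), int(patch or 0))


def needs_update(version, fixed=FIXED_ICS):
    """True if below the fixed release, False if at or above, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    # Tuple comparison is numeric, so 22.7R2.10 is correctly newer than 22.7R2.5.
    return parsed < parse_version(fixed)


def triage(inventory):
    """Split {host: version} into update / ok / review buckets."""
    buckets = {"update": [], "ok": [], "review": []}
    for host, version in sorted(inventory.items()):
        verdict = needs_update(version)
        key = "review" if verdict is None else ("update" if verdict else "ok")
        buckets[key].append(host)
    return buckets


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "vpn-a.example.internal": "22.7R2.4",
    "vpn-b.example.internal": "22.7R2.5",
    "vpn-c.example.internal": "22.7R2",
    "vpn-d.example.internal": "22.7R2.10",
    "vpn-e.example.internal": "unknown (banner hidden)",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `review` bucket have a version string the parser does not recognise and should be checked by hand rather than assumed patched.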
Indicators of Compromise:
- [url] www.ivanti.com/products
- Check the article for all found IoCs.
Full Research: https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-ivanti-products-could-allow-for-remote-code-execution_2025-001