Ivanti, a prominent U.S. software provider, has issued a critical warning regarding a zero-day vulnerability in its widely used enterprise VPN appliances. This vulnerability, tracked as CVE-2025-0282, has been actively exploited by threat actors to compromise the networks of numerous corporate customers.
The vulnerability, residing within Ivanti’s Connect Secure, Policy Secure, and ZTA Gateways products, allows attackers to remotely execute malicious code without requiring authentication. Ivanti emphasizes that Connect Secure, its remote-access VPN solution, boasts widespread adoption across various industries and organizations of all sizes.
This incident marks the latest security breach targeting Ivanti’s products in recent years. Following a series of mass hack incidents in 2024, Ivanti committed to overhauling its security processes. However, this recent exploitation underscores the company’s ongoing challenges in safeguarding its customers.
“This vulnerability is of significant concern as the attacks have ‘all the hallmarks of [an advanced persistent threat] usage of a zero-day against a mission-critical appliance,’” stated Ben Harris, CEO of security research firm watchTowr Labs, in an email to TechCrunch. “We urge everyone to take this seriously.”
The U.K.’s National Cyber Security Centre has confirmed active exploitation within U.K. networks, while the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its catalogue of known-exploited vulnerabilities. Ivanti has released a patch for Connect Secure, with patches for Policy Secure and ZTA Gateways scheduled for January 21st.
This incident highlights the critical importance of robust cybersecurity measures and the ongoing threat posed by sophisticated cyberattacks targeting critical infrastructure.