Ivanti has issued a warning about active zero-day attacks exploiting a critical vulnerability (CVE-2025-0282) in its Connect Secure appliances, allowing threat actors to install malware and potentially compromise systems.
The company discovered the attacks after its Ivanti Integrity Checker Tool (ICT) detected malicious activity on several customers’ appliances.
Following an internal investigation, Ivanti confirmed that CVE-2025-0282, a stack-based buffer overflow vulnerability, was being actively exploited in the wild. The vulnerability affects Ivanti Connect Secure (versions before 22.7R2.5), Ivanti Policy Secure (versions before 22.7R1.2), and Ivanti Neurons for ZTA gateways (versions before 22.7R2.3).
The flaw allows unauthenticated attackers to execute arbitrary code remotely on vulnerable devices. While the vulnerability impacts all three products, Ivanti has so far observed exploitation only on Connect Secure appliances, and said it is not aware of the issue being exploited in Ivanti Policy Secure or Neurons for ZTA gateways.
Ivanti has released firmware version 22.7R2.5, which resolves the issue. Patches for the other impacted products, Policy Secure and Neurons for ZTA gateways, are expected to be available by January 21, 2025.