Ivanti has identified two critical buffer overflow vulnerabilities affecting its Connect Secure, Policy Secure, and ZTA Gateways, urging immediate action as cyber criminals exploit them.
Mandiant's investigation revealed that CVE-2025-0282 saw zero-day exploitation in the wild starting from mid-December 2024, with a linkage to a suspected Chinese cyber-espionage group.
Organizations using Ivanti's devices are strongly advised to utilize the external integrity checker tool for immediate assessment and to apply the released patches to mitigate risks.
CVE-2025-0282 presents a high risk with a CVSS severity rating of 9.0 due to its potential for remote code execution by unauthenticated attackers.
Collection
[
|
...
]