Ivanti is battling two new vulnerabilities, one of which is a zero-day being exploited. Cybersecurity teams must take these threats seriously and act accordingly.
The first vulnerability, CVE-2025-0282, has a critical severity of 9.0 and allows unauthenticated remote code execution, making it particularly dangerous for affected Ivanti products.
CVE-2025-0283, with a severity of 7.0, allows privilege escalation for locally authenticated attackers. Both vulnerabilities come as unwelcome news amid a history of Ivanti security flaws.
The company acknowledges its past weaknesses and has committed to a secure-by-design overhaul to enhance its development and security strategies, guided by its open letter from former CEO.
Collection
[
|
...
]