Ivanti released security updates to address vulnerabilities (CVE-2025-0282, CVE-2025-0283) in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. A cyber threat actor could exploit CVE-2025-0282 to take control of an affected system.
CISA has added CVE-2025-0282 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CISA urges organizations to hunt for any malicious activity, report any positive findings to CISA, and review the following for more information:
- Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283)
For all instances of Ivanti Connect Secure, Policy Secure, and ZTA Gateways, see the following steps for general hunting guidance:
- Conduct threat hunting actions:
- Run the In-Build Integrity Checker Tool (ICT). Instructions can be found here.
- Conduct threat hunt actions on any systems connected to—or recently connected to—the affected Ivanti device.
- If threat hunting actions determine no compromise:
- Factory reset the device and apply the patch described in Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283).
- Monitor the authentication or identity management services that could be exposed.
- Continue to audit privilege level access accounts.
- If threat hunting actions determine compromise:
- Report to CISA and Ivanti immediately to start forensic investigation and incident response activities.
- Disconnect instances of affected Ivanti Connect Secure products.
- Isolate the systems from any enterprise resources to the greatest
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: