Ivanti Connect Secure VPN Zero-Day Exploitation (CVE-2025-0282)
Ivanti has reported two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, affecting Ivanti Connect Secure (ICS) VPN appliances. Mandiant has observed active exploitation of CVE-2025-0282 as a zero-day vulnerability since mid-December 2024. CVE-2025-0282 is a stack-based buffer overflow that can be exploited without authentication, potentially allowing remote code execution and leading to further network compromise.
The breach was identified by Ivanti and by impacted customers using the company’s Integrity Checker Tool (ICT) alongside other security monitoring tools. Ivanti has collaborated with Mandiant, affected customers, government agencies, and security vendors to address these vulnerabilities. Patches have been released to mitigate the exploited flaws, and Ivanti advises customers to promptly implement the recommended actions outlined in the Security Advisory to protect their systems.
Mandiant reported observing the hackers attempting to steal databases potentially containing VPN sessions, session cookies, API keys, certificates, and credential data.
The vulnerabilities were exploited as early as December 2023 by a hacker group identified by Mandiant as UNC5221.
Security Advisory – https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US
Blogger at www.systemtek.co.uk