Fortra is actively researching vulnerabilities in Ivanti Connect Secure, Policy Secure, and ZTA Gateways – CVE-2025-0282 and CVE-2025-0283. Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code execution, while CVE-2025-0283 could allow a local authenticated attacker to escalate privileges. Ivanti has begun to release patches for these vulnerabilities, and customers should upgrade as soon as relevant patches are released.
Who is affected?
The following products are affected by these vulnerabilities.
CVE-2025-0282
- Ivanti Connect Secure 22.7R2 through 22.7R2.4
- Ivanti Policy Secure 22.7R1 through 22.7R1.2
- Ivanti Neurons for ZTA Gateways 22.7R2 through 22.7R2.3
CVE-2025-0283
- Ivanti Connect Secure 22.7R2.4 and prior, 9.1R18.9 and prior
- Ivanti Policy Secure 22.7R1.2 and prior
- Ivanti Neurons for ZTA Gateways 22.7R2.3 and prior
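The ranges above can be checked against an appliance inventory. The following is an added example, not Fortra or Ivanti code. It assumes versions are written as `major.minorRrelease[.patch]`, that "and prior" applies within the same major branch, and it uses hypothetical product keys and a constructed inventory.

```python
import re

# Affected ranges transcribed from the lists above; low=None means "and prior".
# Product keys are hypothetical labels chosen for this example.
AFFECTED = {
    "CVE-2025-0282": {
        "connect-secure": [("22.7R2", "22.7R2.4")],
        "policy-secure": [("22.7R1", "22.7R1.2")],
        "zta-gateway": [("22.7R2", "22.7R2.3")],
    },
    "CVE-2025-0283": {
        "connect-secure": [(None, "22.7R2.4"), (None, "9.1R18.9")],
        "policy-secure": [(None, "22.7R1.2")],
        "zta-gateway": [(None, "22.7R2.3")],
    },
}
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

def parse(version):
    """'22.7R2.4' -> (22, 7, 2, 4); a missing patch level counts as 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_range(version, low, high):
    v, hi = parse(version), parse(high)
    if low is None:
        # Assumption: "and prior" is limited to the same major branch.
        return v[0] == hi[0] and v <= hi
    return parse(low) <= v <= hi

def affected_cves(product, version):
    return sorted(cve for cve, products in AFFECTED.items()
                  if any(in_range(version, lo, hi)
                         for lo, hi in products.get(product, [])))

# Constructed inventory: (host, product key, reported version).
INVENTORY = [
    ("vpn-a.example.internal", "connect-secure", "22.7R2.3"),
    ("vpn-b.example.internal", "connect-secure", "22.7R2.5"),
    ("vpn-c.example.internal", "connect-secure", "9.1R18.9"),
    ("nac-a.example.internal", "policy-secure", "22.7R1.2"),
]

def triage(inventory):
    return {host: affected_cves(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(host, ", ".join(cves) or "not in a listed range")
```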
What can I do?
Ivanti has released a patch for Ivanti Connect Secure in version 22.7R2.5; customers should upgrade as soon as possible.
Patches for Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways are planned for January 21, 2025.
For additional information about these vulnerabilities, planned patches, and vendor recommendations, refer to Ivanti’s security advisory.
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities in addition to those listed below:
- FusionVM: Unauthenticated network scan for Ivanti Connect Secure released on Monday, January 20th.
- IDS: Ivanti hc_launcher version check IDS signature released for CVE-2025-0282 on January 9, 2025.
- Tripwire IP360: Tripwire will release scan coverage on January 29, 2025, to identify vulnerable instances. The following table identifies matching vulnerabilities.
| CVE | Tripwire IP360 Vulnerabilities |
| --- | --- |
| CVE-2025-0282 | 694288 |
| CVE-2025-0283 | 694289 |
Updates
Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated with new information about this vulnerability and related security coverage as it becomes available.
01/09/2025: Ivanti hc_launcher version check IDS signature released.
01/20/2025: Unauthenticated scan released for Ivanti Connect Secure.
01/29/2025: Tripwire scan coverage for CVE-2025-0282/0283 releasing.