Ivanti Discloses Exploitation Of ‘Critical’ VPN Vulnerability
The company’s Connect Secure VPN is also vulnerable to a second, high-severity flaw, Ivanti says.
Ivanti disclosed Wednesday that a critical-severity, zero-day vulnerability impacting its widely used Connect Secure VPN has seen exploitation in attacks.
The vendor also said that Connect Secure devices are vulnerable to a second, high-severity flaw, which has not yet been exploited.
The critical-severity vulnerability (tracked as CVE-2025-0282) can enable attackers to remotely execute code without authentication, Ivanti said in an advisory. It has received a severity rating of 9.0 out of 10.0.
“We are aware of a limited number of customers’ Ivanti Connect Secure appliances being exploited by CVE-2025-0282 at the time of disclosure,” the company said.
Ivanti said the high-severity vulnerability (tracked as CVE-2025-0283) has not seen exploitation so far. It has received a severity rating of 7.0 out of 10.0.
Notably, “we are not aware of these CVEs being exploited in Ivanti Policy Secure or ZTA gateways,” the company said.
In the advisory Wednesday, Ivanti said that customers should perform a scan with the vendor’s Integrity Checker Tool (ICT) and can then upgrade to Ivanti Connect Secure 22.7R2.5 if they receive a “clean internal and external ICT scan.”
Customers whose test “shows signs of compromise” should factory reset the VPN device before putting the appliance back online with version 22.7R2.5, the company said.
In a statement provided to CRN, Ivanti said that it is “actively working with affected customers” following the “limited exploitation” of the critical vulnerability.
“Ivanti’s Integrity Checker Tool (ICT) has been effective in identifying compromise related to this vulnerability. Threat actor activity was identified by the [tool] on the same day it occurred, enabling Ivanti to respond promptly and rapidly develop a fix,” the company said. “We strongly advise customers to closely monitor their internal and external ICT as part of a robust and layered approach to cybersecurity to ensure the integrity and security of the entire network infrastructure.”
Ivanti, a provider of IT and security software, obtained the technology behind its Connect Secure VPN through its acquisition of Pulse Secure in 2020.
In January 2024, Ivanti’s Connect Secure VPNs saw mass exploitation by threat actors following the disclosure of two high-severity, zero-day vulnerabilities in the devices. Researchers said thousands of Ivanti VPN devices were compromised during the wave of attacks, with the list of victims including the U.S. Cybersecurity and Infrastructure Security Agency (CISA).