- 4/2025
- Critical
Ivanti has released security updates to fix two vulnerabilities across multiple versions of Ivanti Connect Secure, Policy Secure, and ZTA Gateways.
The addressed vulnerabilities could allow the attacker to gain elevated privileges or execute arbitrary code and gain access to the affected system.
The addressed vulnerabilities:
1. Ivanti Connect Secure Remote Code Execution (CVE-2025-0282):
- CVSS: 9.0
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Ivanti Ivanti Neurons for ZTA Gateways Privilege Escalation Vulnerability (CVE-2025-0283):
- CVSS: 7.0
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Privilege Escalation
Sample of the affected Products:
- Ivanti Connect Secure 22.7R2 through 22.7R2.4
- Ivanti Neurons for ZTA gateways 22.7R2 through 22.7R2.3
- Ivanti Policy Secure 22.7R1.2 and prior
It should be highlighted that Ivanti is aware that vulnerability “CVE-2025-0282” is being exploited in the wild.
Vulnerabilities
- CVE-2025-0282
- CVE-2025-0283
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.