Serial number: AV25-008
Date: January 8, 2025
On January 8, 2025, Ivanti published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:
- Ivanti Connect Secure – versions prior to 22.7R2.5 and versions 9.1R18.9 and prior
- Ivanti Policy Secure – versions prior to 22.7R1.2
- Ivanti Neurons for ZTA Gateways – versions prior to 22.7R2.3
Exploitation of this vulnerability could allow an unauthenticated actor to execute remote code.
Ivanti has reported that vulnerability CVE-2025-0282 has been exploited.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
This alert was originated From: Canadian Centre for Cyber Security
https://cyber.gc.ca/en/alerts-advisories/ivanti-security-advisory-av25-008