Ivanti Connect Secure VPN Vulnerabilities Disclosed and Exploited
🕸️ Ivanti Connect Secure VPN faces critical zero-day vulnerabilities. Ivanti disclosed two significant vulnerabilities, CVE-2025-0282 and CVE-2025-0283, affecting its Connect Secure VPN appliances, with active exploitation of CVE-2025-0282 identified since mid-December 2024. CVE-2025-0282 allows unauthenticated remote code execution, posing severe risks to affected networks. Mandiant’s investigation revealed the deployment of various malware families, including the SPAWN ecosystem, attributed to the UNC5337 threat actor group, suspected to be linked to Chinese espionage activities. Ivanti has released patches and urges customers to secure their systems promptly, while Mandiant continues to analyze the ongoing threat landscape and provide updates on the situation.
