skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Ivanti Reports Critical Vulnerabilities in Remote Access Products

/ 1 min read

🦠 Ivanti warns of critical vulnerabilities in remote access products. On January 8, 2025, Ivanti disclosed two significant vulnerabilities (CVE-2025-0282 and CVE-2025-0283) affecting its Connect Secure, Policy Secure, and ZTA gateway products, with CVE-2025-0282 allowing remote code execution by unauthenticated attackers and rated critical with a CVSS score of 9.0. Mandiant reported active exploitation of CVE-2025-0282, while CVE-2025-0283 enables local privilege escalation. Attackers have been observed using custom scripts and tools to exploit these vulnerabilities, leading to credential harvesting and lateral movement within networks. Ivanti has released patches and recommends immediate updates to mitigate these risks, while Palo Alto Networks offers protective measures through its security products.

Source
{entry.data.source.title}
Original