Ivanti has issued an urgent security advisory concerning a critical remote code execution (RCE) vulnerability, identified as CVE-2025-0282, in its Connect Secure product. This zero-day flaw has been actively exploited by threat actors to compromise systems, prompting immediate action from organizations utilizing this technology.
Ivanti became aware of the exploitation through its Integrity Checker Tool (ICT), which detected malicious activity on customers’ appliances. Subsequent investigations confirmed that threat actors have been actively leveraging CVE-2025-0282 in zero-day attacks to install malware on vulnerable devices. Notably, the same advanced persistent threat (APT) group that previously targeted Connect Secure appliances in early 2024 has been linked to these recent exploits.
Mitigation Measures and Recommendations
In response to the identified threat, Ivanti has released security patches addressing CVE-2025-0282 in Connect Secure version 22.7R2.5.
Organizations are strongly advised to:
- Immediately update Connect Secure appliances to version 22.7R2.5 or later.
- Utilize the Ivanti Integrity Checker Tool (ICT) to identify any signs of compromise.
- Perform a factory reset on appliances showing indications of exploitation before applying updates to ensure the removal of any implanted malware.
- Monitor network activity for anomalies that may suggest unauthorized access or data exfiltration.
Given the active exploitation of this vulnerability, prompt action is essential to safeguard organizational networks and data.
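To support the first recommendation, the following added example (not from Ivanti or the original advisory) sorts an appliance inventory by whether each reported version is at or above 22.7R2.5. The version layout `<major>.<minor>R<release>[.<patch>]`, the field-by-field numeric ordering, and all hostnames and sample versions are assumptions made for illustration.

```python
import re

# Fixed release named in the advisory text above.
FIXED_RELEASE = "22.7R2.5"

# Assumed version layout: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.5
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return (major, minor, release, patch), or None if the string does not match."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    # A missing patch component is treated as 0 so "22.7R2" sorts below "22.7R2.5".
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def triage(inventory, fixed=FIXED_RELEASE):
    """Sort hosts into 'at_or_above_fix', 'needs_update' and 'unknown' buckets."""
    fixed_v = parse_version(fixed)
    result = {"at_or_above_fix": [], "needs_update": [], "unknown": []}
    for host, version in inventory.items():
        v = parse_version(version)
        if v is None:
            # Unparseable strings are surfaced for manual review, never assumed safe.
            result["unknown"].append(host)
        elif v >= fixed_v:
            result["at_or_above_fix"].append(host)
        else:
            result["needs_update"].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "vpn-a.example.internal": "22.7R2.5",
    "vpn-b.example.internal": "22.7R2.4",
    "vpn-c.example.internal": "22.7R2",
    "vpn-d.example.internal": "22.7R10.1",  # numeric compare: R10 > R2
    "vpn-e.example.internal": "unknown build",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(sorted(hosts)) or '-'}")
```

A version at or above the fix says nothing about whether the appliance was compromised earlier, so the ICT check in the list above still applies to every host.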
The discovery and active exploitation of CVE-2025-0282 highlight the persistent threats posed by zero-day vulnerabilities in widely used network security products. Organizations must remain vigilant, ensuring timely application of security patches and continuous monitoring for potential intrusions to maintain robust cybersecurity defenses.