A critical zero-day vulnerability (CVE-2025-0282) in Ivanti’s Connect Secure VPN appliance has been actively exploited by hackers since mid-December 2024, according to cybersecurity firm Mandiant. The flaw allows attackers to plant malicious code remotely without authentication, targeting one of the most widely used SSL VPNs across industries.
While the exploitation has not been definitively attributed, China-linked cyberespionage groups UNC5337 and UNC5221 are suspected. Similar groups exploited Ivanti’s VPN products in mass hacks during 2024.
A global “widespread impact” has been reported, and U.K. and U.S. agencies are actively investigating. Security experts warn the flaw has hallmarks of advanced persistent threat (APT) attacks on mission-critical systems.
Organizations using Ivanti VPN products are urged to update immediately and monitor for signs of compromise.
Affected Products:
• Ivanti’s Connect Secure, Policy Secure, and ZTA Gateways.
Patch Status: A fix is available for Connect Secure, but updates for other products are delayed until January 21, 2025.