IT software vendor Ivanti said Wednesday that multiple customers have been affected by a new vulnerability being exploited by hackers.
The company released an advisory and a corresponding blog about two bugs — CVE-2025-0282 and CVE-2025-0283 — and warned that some customers have already seen CVE-2025-0282 exploited in their environments.
The bugs affect the company’s Connect Secure, Policy Secure and ZTA Gateways products — all of which are used widely across local and federal government agencies in the U.S. as well as internationally.
“We are aware of a limited number of customers’ Ivanti Connect Secure appliances which have been exploited by CVE-2025-0282 at the time of disclosure. We are not aware of these CVEs being exploited in Ivanti Policy Secure or Neurons for ZTA gateways,” Ivanti said in a statement, adding that it has not seen exploitation of CVE-2025-0283.
Ivanti said a patch is currently available for Connect Secure but patches for Policy Secure and ZTA Gateway are slated for release on January 21.
The U.K.’s National Cyber Security Centre (NCSC) published its own advisory warning of “active exploitation.”
“The NCSC is working to fully understand the UK impact and investigating cases of active exploitation affecting UK networks,” the agency said.
Customers can check whether they have been attacked using an Integrity Checker Tool (ICT), and can safely upgrade to the latest version of the software if they find no evidence of exploitation. If exploitation is found, customers should perform a factory reset on the appliance to ensure any malware is removed, Ivanti said.
The company urged customers not to expose any of their devices to the internet, something federal cybersecurity agencies have also previously warned organizations against.
Ivanti said the bugs were initially discovered by cybersecurity firm Mandiant and security experts at Microsoft.
“We continue to work closely with affected customers, external security partners, and law enforcement agencies as we respond to this threat,” the company said.
“This incident serves as a reminder of the importance of continuous monitoring and proactive and layered security measures, particularly for edge devices (such as VPNs) which provide an essential service as the initial access point to a corporate network – but which are also highly appealing to attackers.”
Ivanti said it will provide more information about the threat actor activity to customers that have confirmed impact.
Last April, the company pledged a security overhaul after a cascade of headline-grabbing nation-state attacks broke through the systems of government agencies in the U.S. and Europe using vulnerabilities in Ivanti products.
By September, the top cyber watchdogs in the U.S. urged federal agencies to either remove or upgrade certain Ivanti appliances that are no longer being updated and that were previously exploited in attacks.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.