Ivanti security advisory (AV25-008)

Serial number: AV25-008
Date: January 8, 2025

On January 8, 2025, Ivanti published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Ivanti Connect Secure – versions prior to 22.7R2.5 and versions 9.1R18.9 and prior
• Ivanti Policy Secure – versions prior to 22.7R1.2
• Ivanti Neurons for ZTA Gateways – versions prior to 22.7R2.3

Exploitation of this vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. could allow an unauthenticated actor to execute remote code.

Ivanti has reported that vulnerability CVE-2025-0282 has been exploited.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways
• Ivanti Security Advisories