August 2025 Security Update

Ivanti has released its August 2025 security updates, addressing vulnerabilities across several key products including Ivanti Avalanche, Virtual Application Delivery Control (vADC), Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. This standard monthly patch release underscores Ivanti's commitment to proactive vulnerability management and responsible transparency. Crucially, the vendor states there is currently no evidence indicating these vulnerabilities are being exploited in the wild. Despite the lack of active exploitation, immediate remediation is advised to prevent potential compromise. Security teams are urged to review the specific security advisories linked by Ivanti and apply patches urgently. CVE disclosures serve as a signal for necessary updates. Customers should log cases via the Success portal for support. This update highlights the importance of maintaining rigorous patch management cycles to mitigate risks associated with network gateways and access solutions before threat actors can leverage them.

Ivanti releases standard security patches on the second Tuesday of every month.  Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. At the core, we believe that responsible transparency helps protect our customers. We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Avalanche, Ivanti Virtual Application Delivery Control (vADC) (previously known as vTM) and Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access. It is important for customers to know: We have no evidence of any of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti solutions. More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories: Ivanti Avalanche Ivanti vADC Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti has released its August 2025 security updates, addressing vulnerabilities across several key products including Ivanti Avalanche, Virtual Application Delivery Control (vADC), Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. This standard monthly patch release underscores Ivanti's commitment to proactive vulnerability management and responsible transparency. Crucially, the vendor states there is currently no evidence indicating these vulnerabilities are being exploited in the wild. Despite the lack of active exploitation, immediate remediation is advised to prevent potential compromise. Security teams are urged to review the specific security advisories linked by Ivanti and apply patches urgently. CVE disclosures serve as a signal for necessary updates. Customers should log cases via the Success portal for support. This update highlights the importance of maintaining rigorous patch management cycles to mitigate risks associated with network gateways and access solutions before threat actors can leverage them. Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. At the core, we believe that responsible transparency helps protect our customers. We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Avalanche, Ivanti Virtual Application Delivery Control (vADC) (previously known as vTM) and Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access. It is important for customers to know: We have no evidence of any of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti solutions. More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories: Ivanti Avalanche Ivanti vADC Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program. Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. At the core, we believe that responsible transparency helps protect our customers. We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Avalanche, Ivanti Virtual Application Delivery Control (vADC) (previously known as vTM) and Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access. It is important for customers to know: We have no evidence of any of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti solutions. More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories: Ivanti Avalanche Ivanti vADC Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste...