Jan 08, 2025 • Ivanti Security Advisories
Security Update: Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways
Executive Summary
Ivanti has released a critical security update addressing two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, affecting Connect Secure, Policy Secure, and Neurons for ZTA gateways. Active exploitation of CVE-2025-0282 has been confirmed on a limited number of Connect Secure appliances, though no exploitation is currently known for the other products. This incident highlights the risk to edge devices serving as initial access points. Ivanti detected the activity using their Integrity Checker Tool (ICT) and has released patches. Customers are urged to apply fixes immediately via the download portal and monitor ICT logs for signs of compromise. While no specific threat actor or malware family has been publicly attributed, the exploitation underscores the need for layered security measures and continuous monitoring of VPN infrastructure. Ivanti is collaborating with law enforcement and security partners to mitigate the threat and assist affected organizations.
Summary
At Ivanti, our mission is to empower customers to defend their environments in an evolving and increasingly sophisticated threat landscape. This includes providing industry-leading products, transparent communication, and sophisticated tools to help to protect and fortify networks. Central to this mission is a culture of transparency and responsiveness, especially when facing a security issue. This is essential for the health and security of the entire industry and the organizations we serve.
To this end, we are issuing an important security update addressing recently identified vulnerabilities for Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways. We are reporting the vulnerabilities as CVE-2025-0282 and CVE-2025-0283. A fix is available now in our standard download portal.
We are aware of a limited number of customers’ Ivanti Connect Secure appliances which have been exploited by CVE-2025-0282 at the time of disclosure. We are not aware of these CVEs being exploited in Ivanti Policy Secure or Neurons for ZTA gateways.
Threat actor activity was identified by the Integrity Checker Tool (ICT) on the same day it occurred, enabling Ivanti to respond promptly and rapidly develop a fix. We continue to work closely with affected customers, external security partners, and law enforcement agencies as we respond to this threat. We strongly advise all customers to closely monitor their internal and external ICT as a part of a robust and layered approach to cybersecurity to ensure the integrity and security of the entire network infrastructure.
We have made additional resources and support teams available to assist customers in implementing the patch and addressing any concerns. Information is available in this Security Advisory on how to apply the fix and the nature of the threat so that customers can protect their environment.
Thank you to our customers and security partners for their engagement and support, which enabled our swift detection and response to this issue. We remain committed to continuously improving our products and processes through collaboration and transparency with our stakeholders and the broader security ecosystem.
This incident serves as a reminder of the importance of continuous monitoring and proactive and layered security measures, particularly for edge devices (such as VPNs) which provide an essential service as the initial access point to a corporate network – but which are also highly appealing to attackers.
Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).
Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.
Linked Entities
- CVE-2025-0282
- CVE-2025-0283