CinchOps Alert for Houston Businesses: Critical Vulnerabilities Discovered in Ivanti Products
Critical Zero-Day Vulnerability in Ivanti Products Under Active Exploitation – Immediate Action Required
On January 8, 2025, Ivanti disclosed two significant vulnerabilities affecting multiple enterprise products, with one already being actively exploited in the wild. Here’s what security teams need to know and how to protect their organizations.
Affected Products
Knowing which products are impacted is the first step in prioritizing response efforts. The following Ivanti products have been identified as vulnerable:
Ivanti Connect Secure (ICS)
Ivanti Policy Secure
Ivanti Neurons for ZTA gateways
The Vulnerabilities
The disclosed vulnerabilities represent significant security risks, with one already being actively exploited by threat actors. Understanding the technical details of these vulnerabilities is essential for proper risk assessment and mitigation:
CVE-2025-0282 (CVSS Score: 9.0)
A critical stack-based buffer overflow vulnerability
Allows unauthenticated remote code execution
Currently being exploited in the wild against Ivanti Connect Secure appliances
No known exploitation yet against Policy Secure or Neurons products
CVE-2025-0283 (CVSS Score: 7.0)
A high-severity stack-based buffer overflow vulnerability
Requires local authentication
Enables privilege escalation
No known exploitation at time of disclosure
Patch Availability
Timing is crucial when addressing critical vulnerabilities. Ivanti has released and scheduled patches according to the following timeline:
Ivanti Connect Secure
Patch available now in version 22.7R2.5
Ivanti Policy Secure and Neurons for ZTA
Patches expected January 21, 2025
Required Immediate Actions
With active exploitation already occurring, organizations must take swift and decisive action to protect their infrastructure. Here are the critical steps that need to be taken:
For Ivanti Connect Secure users
Immediately upgrade to version 22.7R2.5
Run both internal and external Integrity Checker Tool (ICT) scans
Perform a factory reset before upgrading if ICT shows signs of compromise
Continue monitoring ICT results as part of ongoing security measures
For Policy Secure users
Ensure appliances are not exposed to the internet
Follow Ivanti’s configuration recommendations
Prepare for patch deployment on January 21
For Neurons for ZTA users
Verify gateways are connected to ZTA controllers
Plan for patch implementation on January 21
Monitor for any suspicious activity
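The per-product steps above can be applied to an appliance inventory with a small triage script. This is an added example, not code from Ivanti or CinchOps. The hostnames, the inventory field names (ict_compromise, internet_exposed, controller_connected) and the assumption that Ivanti releases order by their numeric fields are illustrative.

```python
import re
ICS_FIXED = "22.7R2.5"  # fixed Connect Secure release named in the advisory
VERSION_RE = re.compile(r"^\d+(\.\d+)*(R\d+(\.\d+)*)?$", re.IGNORECASE)

def parse_version(text):
    """Turn '22.7R2.5' into (22, 7, 2, 5) so releases compare as tuples.
    Assumption: releases order by their numeric fields, left to right."""
    text = text.strip()
    if not VERSION_RE.match(text):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(n) for n in re.findall(r"\d+", text))

def triage(appliance):  # one inventory record -> the advisory's action for it
    product = appliance["product"]
    if product == "Ivanti Connect Secure":
        if appliance.get("ict_compromise"):  # ICT findings outrank the version check
            return "FACTORY_RESET_THEN_UPGRADE"
        try:
            current = parse_version(appliance.get("version", ""))
        except ValueError:
            return "CHECK_VERSION_MANUALLY"  # never guess on an unreadable version
        if current < parse_version(ICS_FIXED):
            return "UPGRADE_AND_RUN_ICT"
        return "PATCHED_KEEP_MONITORING_ICT"
    if product == "Ivanti Policy Secure":
        if appliance.get("internet_exposed"):
            return "REMOVE_INTERNET_EXPOSURE"
        return "AWAIT_PATCH_JAN_21"
    if product == "Ivanti Neurons for ZTA gateways":
        if not appliance.get("controller_connected"):
            return "VERIFY_CONTROLLER_CONNECTION"
        return "AWAIT_PATCH_JAN_21"
    return "NOT_IN_ADVISORY"

# Constructed sample inventory; hosts and field names are hypothetical.
INVENTORY = [
    {"host": "vpn-a", "product": "Ivanti Connect Secure", "version": "22.7R2.4"},
    {"host": "vpn-b", "product": "Ivanti Connect Secure", "version": "22.7R2.5"},
    {"host": "vpn-c", "product": "Ivanti Connect Secure", "version": "22.7R2.3", "ict_compromise": True},
    {"host": "vpn-d", "product": "Ivanti Connect Secure", "version": "n/a"},
    {"host": "nac-a", "product": "Ivanti Policy Secure", "internet_exposed": True},
    {"host": "zta-a", "product": "Ivanti Neurons for ZTA gateways", "controller_connected": True},
]

def report(inventory):
    return {a["host"]: triage(a) for a in inventory}

if __name__ == "__main__":
    print("\n".join(f"{h:6} {a}" for h, a in report(INVENTORY).items()))
```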
How CinchOps Can Help
In times of critical security vulnerabilities, having expert support can make the difference between a secure response and a potential breach. Our experienced team is ready to provide comprehensive assistance.
Our team at CinchOps can assist organizations in:
Rapidly deploying critical patches across your Ivanti infrastructure
Monitoring for indicators of compromise
Setting up ongoing security monitoring
Ensuring proper configuration and security hardening
Developing and executing an incident response plan if compromise is detected
This serious security issue requires immediate attention, especially given the history of Ivanti product vulnerabilities being actively exploited by threat actors. Don’t wait – reach out to CinchOps now to secure your infrastructure.
Remember, with the active exploitation of CVE-2025-0282 already observed, quick action is crucial to protect your organization’s assets and data. Discover more about our enterprise-grade, business-protecting cybersecurity services on our Cybersecurity page.
Contact our team today to ensure your Ivanti products are properly secured and monitored.