Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways

Ivanti has released security updates to address vulnerabilities in Ivanti Connect Secure, Policy Secure, and ZTA Gateways, specifically CVE-2025-0282 and CVE-2025-0283. A cyber threat actor could exploit CVE-2025-0282 to take control of an affected system, and CISA has added it to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. CISA urges organizations to hunt for malicious activity and report any findings to CISA, and to review the Security Advisory for more information. Organizations should conduct threat hunting actions, including running the In-Build Integrity Checker Tool and conducting threat hunts on connected systems. If no compromise is found, organizations should factory reset the device, apply the patch, and monitor authentication services. If a compromise is found, organizations should report to CISA and Ivanti, disconnect affected instances, and isolate systems from enterprise resources. Organizations should also revoke and reissue connected or exposed certificates, keys, and passwords, including resetting admin enable passwords and stored API keys. Additionally, if domain accounts have been compromised, organizations should reset passwords, revoke Kerberos tickets, and revoke tokens for cloud accounts. After investigation, organizations should fully patch and restore the system to service, and report incidents and anomalous activity to CISA's 24/7 Operations Center. Organizations should provide detailed information about the incident when reporting, including date, time, and location, type of activity, and a designated point of contact.