Multiple critical vulnerabilities in Ivanti Cloud Services Appliance (CSA) have been actively exploited by Chinese state-sponsored actors, prompting warnings from CISA and the FBI. The vulnerabilities allow attackers to gain unauthorized access and execute arbitrary code on affected appliances. The agencies have released detailed technical information and indicators of compromise (IOCs) for network defenders. These exploits highlight the need for immediate patching and robust security measures, and demonstrate the speed at which attackers weaponize disclosed vulnerabilities.
Multiple critical vulnerabilities, tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, have been identified in Ivanti Endpoint Manager (EPM). These absolute path traversal vulnerabilities allow a remote, unauthenticated attacker to read sensitive information from affected systems. Ivanti has released patches to address these flaws. The incident underscores the risk posed by unpatched software and the importance of proactive patching and system updates.
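The EPM flaws above belong to the absolute path traversal class, where a file-serving routine joins an attacker-controlled path onto a base directory and never checks the result. The following is an added example, not Ivanti's code and not derived from the EPM advisories: it builds a constructed sandbox in a temporary directory, shows a vulnerable reader that can be steered out of its base directory with either an absolute path or `../` segments, and a hardened reader that rejects both. The `os.path.join` behaviour it relies on is real: when the second argument is absolute, the base directory is discarded entirely.

```python
import os
import tempfile

# Constructed sandbox (assumption for the demo): a base directory holding one
# legitimate file, plus a "secret" file outside it standing in for data the
# server must never serve.
ROOT = tempfile.mkdtemp(prefix="traversal_demo_")
BASE = os.path.join(ROOT, "files")
os.makedirs(BASE)
with open(os.path.join(BASE, "report.txt"), "w") as f:
    f.write("quarterly report")
SECRET = os.path.join(ROOT, "secret.txt")
with open(SECRET, "w") as f:
    f.write("db-password")


def read_vulnerable(user_path: str) -> str:
    """Vulnerable reader (illustrates the bug class only).

    os.path.join(BASE, user_path) silently drops BASE when user_path is
    absolute, and '../' segments are never validated, so any file the
    process can read is reachable.
    """
    target = os.path.join(BASE, user_path)
    with open(target) as fh:
        return fh.read()


def read_hardened(user_path: str) -> str:
    """Hardened reader: refuse absolute input, canonicalise the joined path
    (resolving '..' and symlinks), and require it to stay under BASE."""
    if os.path.isabs(user_path):
        raise PermissionError("absolute paths are not allowed")
    base = os.path.realpath(BASE)
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath of the two must be the base itself; anything else escaped.
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    with open(target) as fh:
        return fh.read()


def probe(reader, user_path: str) -> str:
    """Run a reader and report content, or DENIED / MISSING for rejected
    or absent paths, so both readers can be compared on the same input."""
    try:
        return reader(user_path)
    except PermissionError:
        return "DENIED"
    except (FileNotFoundError, IsADirectoryError):
        return "MISSING"


if __name__ == "__main__":
    for path in ["report.txt", "../secret.txt", SECRET]:
        print(f"{path!r}: vulnerable={probe(read_vulnerable, path)!r} "
              f"hardened={probe(read_hardened, path)!r}")
```

The check is done on the canonicalised path rather than on the raw string, so encoded dots, symlinks inside the base directory, and platform-specific separators are all handled by the same comparison; string-based blacklists of `..` are the pattern that typically fails.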
A critical vulnerability (CVE-2025-0282) has been identified in Ivanti Connect Secure that allows a remote, unauthenticated attacker to execute arbitrary code. The flaw is a stack-based buffer overflow affecting versions before 22.7R2.5. Proof-of-concept exploit code has been publicly released.
A critical zero-day vulnerability, tracked as CVE-2025-0282, has been discovered in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow allows unauthenticated remote attackers to achieve remote code execution. It was disclosed alongside CVE-2025-0283, another stack-based buffer overflow that requires a local authenticated attacker and allows privilege escalation. CVE-2025-0282 is being actively exploited in the wild. Organizations are advised to apply the available patches immediately and to perform a factory reset of affected appliances to ensure complete removal of any malware an attacker may have deployed. Ivanti products have repeatedly been targeted in earlier exploitation campaigns.