CyberSecurity news

FlagThis - #ivanti

Pierluigi Paganini@securityaffairs.com //
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161, a critical authentication bypass vulnerability in CrushFTP, to its Known Exploited Vulnerabilities (KEV) catalog. This decision follows confirmed active exploitation of the vulnerability in the wild, targeting multiple sectors including retail, marketing, and semiconductor industries. The flaw, present in versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0, allows unauthenticated remote attackers to potentially take over susceptible instances of CrushFTP file transfer software if exposed publicly over HTTP(S).

The vulnerability stems from a weakness in the HTTP authorization header, enabling attackers to authenticate to any known or guessable user account, such as "crushadmin," potentially leading to a full system compromise. CrushFTP released fixes for the issue in versions 10.8.4 and 11.3.1, urging customers to update their systems immediately. Initial disclosure of the vulnerability has been controversial, with accusations of premature disclosure and attempts to conceal the issue to allow time for patching. Despite the controversy, the inclusion of CVE-2025-31161 in the KEV catalog signifies its high risk and the need for immediate action.

SecurityWeek reports that the ongoing exploitation of the vulnerability has seen attackers deploying tools like MeshAgent for remote monitoring and DLL files indicative of Telegram bot utilization for data exfiltration. In some instances, AnyDesk has been installed prior to the deployment of SAM and System registry hives for credential compromise. FortiGuard Labs has also observed in-the-wild attack attempts targeting CVE-2025-31161. Although Shadowserver Foundation reports a decline in attacks since patches were issued on March 21, 2025, the CISA's warning and inclusion in the KEV catalog emphasize the persistent threat and the critical need for organizations to apply the necessary updates.

References:
  • The Hacker News: CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
  • www.cybersecuritydive.com: CISA adds Ivanti Connect Secure vulnerability to KEV catalog
  • fortiguard.fortinet.com: FortiGuard Labs has observed in-the-wild attack attempts targeting CVE-2025-31161, an authentication bypass vulnerability in CrushFTP managed file transfer (MFT) software
  • securityboulevard.com: Imperva Customers Are Protected Against CVE-2025-31161 in CrushFTP
  • www.scworld.com: Attacks involving critical CrushFTP vulnerability target several sectors
  • DataBreaches.Net: CISA, experts warn of Crush file transfer attacks after a controversial disclosure

Rescana@Rescana //
CISA has issued an urgent warning regarding a critical authentication bypass vulnerability, CVE-2025-31161, in CrushFTP, a widely used file transfer server solution. The agency has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling that it is actively being exploited in the wild. This flaw allows attackers to bypass authentication mechanisms and potentially gain unauthorized administrative access to vulnerable CrushFTP servers, posing significant risks to both government agencies and private organizations. Federal cybersecurity officials are urging immediate action to mitigate the threat.

The vulnerability, which affects CrushFTP server versions before 10.8.4 and 11.3.1, stems from improper validation of authentication tokens in the CrushFTP login process. An attacker can manipulate HTTP request parameters to gain unauthorized administrative access. CISA’s advisory highlights that exploitation could lead to a full system compromise. Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are mandated to remediate this vulnerability by April 28, 2025, emphasizing the severity of the risk.

CISA strongly encourages all organizations, including private sector entities and state governments, to prioritize patching CVE-2025-31161 and adopt similar vulnerability management strategies. To mitigate the risk, organizations using CrushFTP should immediately apply available patches or updates issued by the software's developers. Additionally, reviewing system logs for any unusual activity is advised. The Cybersecurity and Infrastructure Security Agency emphasizes that this authentication bypass vulnerability represents a severe security risk, potentially allowing complete compromise of affected CrushFTP servers, and has observed sophisticated threat actors actively exploiting it to establish persistent access to critical systems.

References:
  • Cyber Security News: CISA Warns of CrushFTP Authentication Bypass Vulnerability Exploited in Attacks
  • thecyberexpress.com: CISA Warns of CrushFTP Exploit Letting Attackers Bypass Authentication
  • The Hacker News: CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
  • ciso2ciso.com: CISA Warns of CrushFTP Vulnerability Exploitation in the Wild – Source: www.infosecurity-magazine.com
  • cyberpress.org: CISA Warns of CrushFTP Authentication Bypass Vulnerability Exploited in Attacks
  • gbhackers.com: CISA Alerts on Actively Exploited CrushFTP Authentication Bypass Vulnerability
  • fortiguard.fortinet.com: FortiGuard Labs has observed in-the-wild attack attempts targeting CVE-2025-31161, an authentication bypass vulnerability in CrushFTP managed file transfer (MFT) software.
  • www.scworld.com: Attacks involving critical CrushFTP vulnerability target several sectors

do son@Daily CyberSecurity //
CISA has issued a Malware Analysis Report (MAR-25993211-r1.v1) detailing a new malware variant named RESURGE, which exploits a critical vulnerability in Ivanti Connect Secure devices (CVE-2025-0282). The analysis indicates that RESURGE exhibits capabilities similar to the SPAWNCHIMERA malware, including surviving system reboots, but contains distinctive commands that alter its behavior. According to CISA, RESURGE can create web shells, manipulate integrity checks, and modify files, enabling credential harvesting, account creation, password resets, and escalating permissions.

RESURGE can also copy the web shell to the Ivanti running boot disk and manipulate the running coreboot image, ensuring persistence and unauthorized access. CISA strongly advises organizations using Ivanti Connect Secure devices to take immediate action to mitigate this threat by applying security patches for CVE-2025-0282, monitoring network traffic for unusual SSH connections, and implementing robust logging practices to detect tampering attempts. The vulnerability, CVE-2025-0282, is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways that could result in remote code execution.

References:
  • securityonline.info: CISA Warns of RESURGE Malware: Exploiting Ivanti Vulnerability
  • Cyber Security News: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report (MAR-25993211-r1.v1) detailing the exploitation of a critical vulnerability in Ivanti Connect Secure devices (CVE-2025-0282).
  • bsky.app: CISA has published a technical report on RESURGE, a web shell installed on Ivanti Connect Secure devices via CVE-2025-0282
  • thehackernews.com: RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
  • securityaffairs.com: CISA warns of RESURGE malware exploiting Ivanti flaw
  • Help Net Security: CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the CVE-2025-0282 zero-day.
  • : It’s the end of March 2025...of course CISOs still need to worry about Ivanti Connect Secure flaws.
  • www.cybersecuritydive.com: CVE-2025-0282, a critical vulnerability that affects Ivanti’s Connect Secure, Policy Secure and ZTA Gateway products, was disclosed and patched in January.
  • : CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282
  • thecyberexpress.com: CISA Details New Malware Used in Ivanti Attacks
  • Sam Bent: A newly discovered malware named RESURGE is targeting Ivanti Connect Secure vulnerabilities, delivering stealth capabilities like rootkits and web shells. Tied to China-linked espionage groups.
  • The Register - Security: CISA spots spawn of Spawn malware targeting Ivanti flaw
  • Arctic Wolf: CVE-2025-22457: Ivanti Connect Secure VPN Vulnerable to Zero-Day RCE Exploitation
  • cert.europa.eu: 2025-016: Critical Vulnerability in Ivanti Products
  • securityonline.info: CVE-2025-22457: UNC5221 Exploits Ivanti Zero-Day Flaw to Deploy TRAILBLAZE and BRUSHFIRE Malware
  • Help Net Security: Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
  • securityaffairs.com: China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March
  • The Register - Security: Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years
  • www.bleepingcomputer.com: Ivanti patches Connect Secure zero-day exploited since mid-March
  • BleepingComputer: Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.
  • Threats | CyberScoop: China-backed espionage group hits Ivanti customers again
  • www.scworld.com: Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
  • The Hacker News: Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
  • bsky.app: Mandiant links the exploitation of a Connect Secure vulnerability to a China-linked APT (UNC5221).
  • bsky.app: Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.
  • research.kudelskisecurity.com: CVE-2025-22457: Critical Ivanti Connect Secure Vulnerability
  • Arctic Wolf: Ivanti disclosed a critical zero-day vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways
  • Vulnerable U: The vulnerability affects many versions of Ivanti appliances and is being exploited by a Chinese actor
  • darkwebinformer.com: CVE-2025-22457: April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457)

Mandvi@Cyber Security News //
CISA has added three critical Ivanti Endpoint Manager (EPM) flaws to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. The affected vulnerabilities are CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161. These flaws are absolute path traversal vulnerabilities that could allow remote, unauthenticated attackers to fully compromise vulnerable servers, potentially granting unauthorized access to sensitive information. Federal agencies have been given until March 31, 2025, to apply the necessary patches and mitigate these threats.

CISA urges all organizations, including those in the private sector, to prioritize timely remediation of these Ivanti EPM vulnerabilities. Security experts warn that delays in patching can lead to full domain compromise, credential theft, and lateral movement by malicious actors. Given the recent history of Ivanti vulnerabilities, proactive security measures and rapid patching are essential to defend against potential attacks. The large market share of Ivanti products makes them a prime target for malicious actors, emphasizing the importance of immediate patching and continuous hardening of systems.

References:
  • BleepingComputer: CISA tags critical Ivanti EPM flaws as actively exploited in attacks
  • : CISA Urges All Organizations to Patch Exploited Critical Ivanti Vulnerabilities
  • www.scworld.com: 3 Ivanti flaws added to CISA list of known exploited vulnerabilities
  • The DefendOps Diaries: Addressing Critical Vulnerabilities in Ivanti Endpoint Manager
  • www.cybersecuritydive.com: CISA: 3 Ivanti endpoint vulnerabilities exploited in the wild
  • Cyber Security News: CISA Adds 3 Ivanti Endpoint Manager Flaws to Exploited Vulnerabilities Catalog

@gbhackers.com //
Proof-of-concept exploit code has been released for critical vulnerabilities affecting Ivanti Endpoint Manager (EPM). Disclosed in January, these vulnerabilities allow remote, unauthenticated attackers to potentially compromise systems through credential coercion. Security firm Horizon3.ai published the exploit code and technical details on February 19, 2025, escalating the risk for organizations utilizing the Ivanti EPM platform. The vulnerabilities stem from improper validation of user input, allowing attackers to manipulate file paths and force the EPM server to authenticate to malicious SMB shares.

These vulnerabilities, identified as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, affect the WSVulnerabilityCore.dll component of Ivanti EPM. An attacker can coerce the Ivanti EPM machine account credential to be used in relay attacks, potentially leading to a full domain compromise. The exploit chain involves credential harvesting and relay attacks.

References:
  • arcticwolf.com: On 19 February 2025, Horizon3.ai published proof-of-concept (PoC) exploit code and technical details for critical Ivanti Endpoint Manager (EPM) vulnerabilities disclosed in January.
  • bsky.app: Horizon3 has published a write-up and POCs for four credential coercion vulnerabilities the company found and Ivanti patched in January. Bugs can be used by "an unauthenticated attacker to coerce the Ivanti EPM machine account credential to be used in relay attacks"
  • gbhackers.com: PoC Exploit Released for Ivanti EPM Vulnerabilities
  • gbhackers.com: GB Hackers Post on POC exploit for Ivanti vulnerabilities.

info@thehackernews.com (The Hacker News)@The Hacker News //
Ivanti has released critical security updates for Connect Secure (ICS), Policy Secure (IPS), and Secure Access Client (ISAC) to address multiple vulnerabilities. These include three critical severity problems that could allow remote code execution (RCE), posing a significant risk. The updates aim to patch flaws such as external control of a file name (CVE-2024-38657) and a stack-based buffer overflow (CVE-2025-22467), which can be exploited by authenticated attackers to execute arbitrary code and compromise system integrity.

The specific vulnerabilities addressed include CVE-2024-38657, which allows remote authenticated attackers with admin privileges to write arbitrary files, and CVE-2025-22467, a stack-based buffer overflow that enables remote code execution. Also patched is CVE-2024-10644, which is a code injection vulnerability, and CVE-2024-47908, an operating system command injection flaw in the admin web console of Ivanti CSA. Users are urged to update to the latest versions, Ivanti Connect Secure 22.7R2.6, Ivanti Policy Secure 22.7R1.3, and Ivanti CSA 5.0.5, as soon as possible to mitigate potential exploitation. While Ivanti is not aware of active exploitation, it's imperative to apply the patches due to the history of Ivanti appliances being weaponized.

References:
  • Vulnerability-Lookup: Security advisory for Ivanti Connect Secure, Policy Secure, and Secure Access Client (multiple CVEs).
  • securityonline.info: Ivanti has disclosed multiple vulnerabilities affecting its Connect Secure, Policy Secure, and Secure Access Client products, with some
  • The Hacker News: Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
  • BleepingComputer: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
  • securityonline.info: CVE-2025-22467 (CVSS 9.9): Ivanti Connect Secure Vulnerability Allows Remote Code Execution
  • www.bleepingcomputer.com: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
  • vulnerability.circl.lu: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs), has been published on Vulnerability-Lookup
  • research.kudelskisecurity.com: Ivanti ICS, IPS, ISAC, CSA: Multiple Vulnerabilities Disclosed and Patched
  • bsky.app: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
  • socradar.io: Ivanti Security Update Addresses Severe Vulnerabilities in ICS, IPS, and ISAC (CVE-2025-22467, CVE-2024-38657, CVE-2024-10644)

@thecyberexpress.com //
US cybersecurity agencies, CISA and the FBI, have issued warnings regarding the active exploitation of four critical vulnerabilities within Ivanti Cloud Service Appliances (CSA). These flaws, designated as CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380, are being leveraged by Chinese state-sponsored actors to breach vulnerable networks. The agencies released detailed technical information, including indicators of compromise (IOCs), highlighting that attackers are using two primary exploit chains to gain unauthorized access, execute arbitrary code, and implant webshells on victim systems.

Specifically, one exploit chain combines CVE-2024-8963, CVE-2024-8190, and CVE-2024-9380, while the other uses CVE-2024-8963 along with CVE-2024-9379. These vulnerabilities affect Ivanti CSA versions 4.6x before 519, and versions 5.0.1 and below for CVE-2024-9379 and CVE-2024-9380. Notably, CSA version 4.6 is end-of-life and does not receive security patches, making it particularly susceptible. The agencies urge organizations to apply patches promptly and implement robust security measures to defend against these active threats, further highlighting the speed at which disclosed vulnerabilities are weaponized.

References:
  • ciso2ciso.com: FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know
  • Pyrzout :vm:: Four Critical Ivanti CSA Vulnerabilities Exploited—CISA and FBI Urge Mitigation
  • www.bleepingcomputer.com: CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks.
  • thecyberexpress.com: Four Critical Ivanti CSA Vulnerabilities Exploited—CISA and FBI Urge Mitigation
  • www.helpnetsecurity.com: Report on Cisco's fixes for ClamAV vulnerability and a critical Meeting Management flaw.
  • www.scworld.com: Ivanti CSA exploit chains examined in joint CISA, FBI advisory
  • : CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
  • Pyrzout :vm:: Anatomy of an Exploit Chain: CISA, FBI Detail Ivanti CSA Attacks – Source: cyble.com
  • securityonline.info: CISA and FBI Warn of Exploited Ivanti CSA Vulnerabilities in Joint Security Advisory
  • ciso2ciso.com: Anatomy of an Exploit Chain: CISA, FBI Detail Ivanti CSA Attacks

@thecyberexpress.com //
Multiple critical vulnerabilities have been discovered in Ivanti Endpoint Manager (EPM) software, posing a significant risk to users. Tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, these path traversal flaws allow unauthenticated attackers to extract sensitive information from affected systems. Ivanti has released patches to address these vulnerabilities, highlighting the critical need for proactive patching and system updates to mitigate potential exploits.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned that threat actors are actively exploiting vulnerabilities in Ivanti Cloud Service Appliances (CSA), some of which were patched as far back as September. Attackers have been observed using multiple exploit chains that leverage CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 to achieve remote code execution, harvest credentials, and implant webshells on compromised networks. Notably, Ivanti CSA version 4.6 is now end-of-life and no longer receives patches, making it particularly susceptible to attacks.

References:
  • ciso2ciso.com: FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know
  • BleepingComputer: CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September
  • Pyrzout :vm:: Four Critical Ivanti CSA Vulnerabilities Exploited—CISA and FBI Urge Mitigation
  • thecyberexpress.com: Four Critical Ivanti CSA Vulnerabilities Exploited—CISA and FBI Urge Mitigation

@gbhackers.com //
A critical remote code execution vulnerability, identified as CVE-2025-0282, has been discovered in Ivanti Connect Secure, affecting versions prior to 22.7R2.5. This flaw is due to a stack-based buffer overflow and allows unauthenticated, remote attackers to execute arbitrary code. A proof-of-concept exploit, named CVE-2025-0282.rb, has been released, demonstrating how attackers can bypass Address Space Layout Randomization (ASLR) by guessing the base address of a shared library, which could take around 30 minutes in testing. The vulnerability impacts the IF-T/TLS protocol handler on TCP port 443, allowing attackers to gain remote code execution with non-root "nr" user privileges.

Ivanti has acknowledged the vulnerability and assigned it a high CVSS score of 9.0, emphasizing the urgent need for patching. Security analysts have rated both the attacker value and exploitability of this flaw as very high, further highlighting the critical nature of this issue. The flaw was first discovered in the wild around mid-December 2024, with technical analysis by watchTowr on January 10th providing in-depth details of the exploitation mechanics. A related but separate vulnerability, CVE-2025-0283, concerning local privilege escalation, was also addressed by Ivanti; however, there are currently no reports of it being exploited.

References:
  • gbhackers.com: PoC Exploit Released for Ivanti Connect Secure RCE Vulnerability
  • github.com: CVE-2025-0282: Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282)
  • securityaffairs.com: A critical remote code execution vulnerability (CVE-2025-0282) has been found in Ivanti Connect Secure, affecting versions prior to 22.7R2.5.