A critical vulnerability (CVE-2025-0282) has been identified in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This vulnerability could allow unauthenticated remote attackers to achieve remote code execution (RCE) on affected systems.
Affected Products:
- Ivanti Connect Secure (versions 22.7R2 through 22.7R2.4)
- Ivanti Policy Secure (versions 22.7R1 through 22.7R1.2)
- Ivanti Neurons for ZTA gateways (versions 22.7R2 through 22.7R2.3)
Detection
Detectify Surface Monitoring and Application Scanning customers are already scanning payload-based tests for CVE-2025-0282. The test was launched on January 13, 2025.
How does Detectift test for vulnerabilities?
Detectify Surface Monitoring sends payloads to request headers and URLs (in some cases, query parameters too). When we send a payload and observe something trying to resolve on a domain, we produce a vulnerability finding. In Application Scanning, the Detectify scanning engines crawl customers’ applications followed by extensive fuzzing of all parameters, such as cookies, and query parameters.
Patch availability
Ivanti has released a patch for some affected versions, which can be accessed here.