Recurring Vulnerabilities in Ivanti Remote Access Devices: A Call for Immediate Action
A renewed wave of attacks is hitting organizations that rely on Ivanti remote access products, with a suspected China-nexus espionage actor exploiting critical vulnerabilities in the company's Connect Secure, Policy Secure and Neurons for ZTA gateways. Mandiant attributes the activity to UNC5337, which it assesses is likely part of UNC5221, the same cluster behind the January 2024 Ivanti campaign. The attribution has raised alarms because these appliances sit at the network edge in a large number of enterprises, and exploitation was observed from mid-December 2024, before Ivanti's advisory was published.
The trouble began in January 2024, when an authentication bypass and command injection chain (CVE-2023-46805 and CVE-2024-21887) in Ivanti's gateways was exploited at scale. A year later, in an unfortunate déjà vu, the same products are being targeted again through a newly disclosed critical flaw, CVE-2025-0282, a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on the appliance, where the exploited process runs as root. The companion vulnerability, CVE-2025-0283, is a second stack-based overflow rated less severe because it requires local authenticated access and yields privilege escalation rather than initial entry; it still complicates the picture for anyone triaging their Ivanti estate.
"Just because we're seeing these issues frequently doesn't mean they're easy to exploit," noted Adam Marrè, CISO at Arctic Wolf. "The engineering involved in secure systems is complex." Mandiant has linked the recent intrusions to the SPAWN malware ecosystem seen in earlier Ivanti compromises (including the SPAWNANT installer, the SPAWNMOLE tunneler and the SPAWNSNAIL SSH backdoor), which is built to survive on the appliance and to tamper with its logging, alongside new tooling for harvesting credentials. The combination of a memory-corruption exploit and appliance-specific persistence shows the attackers' level of investment in these targets.
With more than 2,000 internet-exposed instances of the affected Ivanti products observed, predominantly in the U.S., France and Spain, both Ivanti and the Cybersecurity and Infrastructure Security Agency (CISA) have issued advisories urging immediate action. Ivanti's guidance pairs the upgrade with its Integrity Checker Tool (ICT): run the ICT first, and if it reports a compromise, factory reset the appliance before installing the fixed build rather than patching over an implant. "We've released a patch," stated an Ivanti spokesperson. "However, vulnerabilities in Policy Secure and ZTA gateways will not be patched until January 21."
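Because the fix landed on different dates for each product, the first practical step is an inventory pass: which appliances are still below the build Ivanti shipped as the fix? The helper below is an added example written for this page, not Ivanti's or CISA's tooling. It parses Ivanti's `MAJOR.MINOR R RELEASE[.PATCH]` version strings into comparable tuples and flags anything below the fixed build. The fixed version numbers are the ones stated in Ivanti's January 2025 advisory (Connect Secure 22.7R2.5, Policy Secure 22.7R1.2, Neurons for ZTA gateways 22.7R2.3); the inventory rows and host names are constructed sample data.

```python
"""Triage helper: flag Ivanti gateway builds below the fix for CVE-2025-0282.

Added example for this article, not Ivanti's or CISA's tooling.
Fixed builds come from Ivanti's January 2025 advisory; the inventory
rows at the bottom are constructed sample data, not real hosts.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Fixed builds per product family (Ivanti advisory, January 2025).
FIXED = {
    "Connect Secure": "22.7R2.5",
    "Policy Secure": "22.7R1.2",
    "Neurons for ZTA gateways": "22.7R2.3",
}

# Ivanti version strings look like 22.7R2.4 or 22.7R2 (patch level optional).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(s: str) -> Tuple[int, int, int, int]:
    """Turn '22.7R2.4' into (22, 7, 2, 4) so tuples compare numerically.

    A missing patch level is treated as 0. Anything else raises ValueError,
    so an unparseable inventory row is never silently counted as patched.
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {s!r}")
    major, minor, rel, patch = m.groups()
    return (int(major), int(minor), int(rel), int(patch or 0))


class Finding(NamedTuple):
    host: str
    product: str
    version: str
    needs_patch: Optional[bool]  # None means "could not decide", review by hand
    note: str


def assess(host: str, product: str, version: str) -> Finding:
    """Compare one appliance's reported build against the fixed build."""
    fixed = FIXED.get(product)
    if fixed is None:
        return Finding(host, product, version, None, "product not in fixed-build table")
    try:
        current = parse_version(version)
    except ValueError as exc:
        return Finding(host, product, version, None, str(exc))
    if current < parse_version(fixed):
        # Covers older 22.x lines and the end-of-support 9.x line alike:
        # both are below the fixed build and need an upgrade, not a hotfix.
        return Finding(host, product, version, True, f"below fixed build {fixed}")
    return Finding(host, product, version, False, f"at or above {fixed}")


def triage(inventory: List[Tuple[str, str, str]]) -> List[Finding]:
    """Run assess() over (host, product, version) rows; unknowns sort first."""
    findings = [assess(*row) for row in inventory]
    # Undecidable rows (None) first, then vulnerable, then patched.
    order = {None: 0, True: 1, False: 2}
    return sorted(findings, key=lambda f: order[f.needs_patch])


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    ("vpn-ams-01", "Connect Secure", "22.7R2.4"),
    ("vpn-ams-02", "Connect Secure", "22.7R2.5"),
    ("nac-par-01", "Policy Secure", "22.7R1.1"),
    ("zta-mad-01", "Neurons for ZTA gateways", "22.7R2.3"),
    ("vpn-legacy", "Connect Secure", "9.1R18.9"),
    ("vpn-unknown", "Connect Secure", "n/a"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        state = {None: "REVIEW", True: "PATCH", False: "ok"}[f.needs_patch]
        print(f"{state:6} {f.host:12} {f.product:26} {f.version:10} {f.note}")
```

Rows the parser cannot read are surfaced as REVIEW rather than dropped, because an appliance whose version is unknown is exactly the one most likely to have been forgotten. A clean version check is only half the job: an appliance at the fixed build that was exposed before the upgrade still needs the ICT run and log review, since patching does not remove an implant that was already installed.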
The lesson is the same one the January 2024 campaign taught: edge appliances need prompt patching, integrity checks after any exposure window, and monitoring that assumes the device itself may be the thing that has been compromised. Organizations that skip those steps risk handing a persistent foothold on their network perimeter to an actor that has already shown it will come back.