Threat Actors Once Again Exploit a Critical RCE Vulnerability in Ivanti


Recurring Vulnerabilities in Ivanti Remote Access Devices: A Call for Immediate Action

Chinese Cyber Threat Actor Targets Ivanti Devices Amid New Vulnerabilities

A renewed wave of cyber threats is sweeping through organizations relying on Ivanti remote access solutions, with sophisticated Chinese threat actors exploiting critical vulnerabilities in the company’s Connect Secure and Policy Secure gateways. The threat, attributed to the group UNC5337, has raised alarms in cybersecurity circles, given the prominence of Ivanti appliances in enterprise environments.

The issues began surfacing last January, when serious flaws in Ivanti’s systems were reported. A year later, in an unfortunate déjà vu, Ivanti's appliances are being targeted again, this time through a newly discovered critical vulnerability, CVE-2025-0282, which allows attackers to execute code as root with no authentication necessary. The accompanying vulnerability, CVE-2025-0283, while less severe, further complicates the landscape for Ivanti users.

"Just because we’re seeing these issues frequently doesn’t mean they’re easy to exploit," noted Adam Marrè, CISO at Arctic Wolf. "The engineering involved in secure systems is complex." Mandiant, a cybersecurity company, has linked the recent attacks to a family of malware, including the Spawn variants, capable of maintaining persistence and stealing credentials, showcasing the attackers’ advanced techniques.

With over 2,000 instances of the vulnerable Ivanti systems reported, predominantly in the U.S., France, and Spain, both Ivanti and the Cybersecurity and Infrastructure Security Agency (CISA) have issued advisories urging immediate action to mitigate the risks. "We’ve released a patch," stated an Ivanti spokesperson. "However, vulnerabilities in Policy Secure and ZTA gateways will not be patched until January 21."

As the cyber landscape evolves, organizations are reminded to prioritize timely updates and rigorous monitoring to protect against potential breaches. Failure to do so could have catastrophic consequences in an age where cyber threats are increasingly prevalent and sophisticated.
