Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Members of public are advised to stay vigilant and not follow any instructions given by these scammers. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Critical Zero-Day Vulnerability in Ivanti Connect Secure
Alerts

Active Exploitation of Critical Zero-Day Vulnerability in Ivanti Connect Secure

10 January 2025

Ivanti has released updates addressing a critical zero-day vulnerability (CVE-2025-0282) in the Ivanti Connect Secure product. This vulnerability is reportedly being actively exploited.

Successful exploitation of the vulnerability could allow an unauthenticated attacker to perform remote code execution (RCE) on vulnerable devices.

This vulnerability affects Ivanti Cloud Secure versions prior to 22.7R2.5.

Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US

https://nvd.nist.gov/vuln/detail/CVE-2025-0282

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/