Ivanti warns another critical security flaw is being attacked

Posted by: John Harrison, Sun, 12 Jan

Ivanti disclosed two security vulnerabilities, one of them of critical severity, and warned customers that the critical flaw in its VPN appliances is being actively exploited in the wild to deliver malware. The vulnerabilities, CVE-2025-0282 and CVE-2025-0283, affect Ivanti Connect Secure VPN appliances. CVE-2025-0282 poses the more significant threat and is rated critical: it is described as an unauthenticated stack-based buffer overflow that could lead to remote code execution and compromise of victim networks. The second vulnerability, also a stack-based buffer overflow, carries a high severity score of 7.0.

Additionally, Ivanti noted the deployment of new malware associated with the attacks. The company advised immediate patching and shared details about the threat actors involved, indicating that the vulnerabilities were exploited as a zero-day, likely by multiple threat actors. A group identified as UNC5221, reportedly a China-linked espionage group, was responsible for deploying the SPAWN ecosystem of malware on compromised VPN appliances. This group is known for targeting organizations across various sectors for data exfiltration and espionage. In addition, two new malware families named DRYHOOK and PHASEJAM were observed; their origins have not yet been definitively attributed.

Ivanti's collaboration with security researchers at Mandiant yielded significant insight into the threats posed by these vulnerabilities and the potential impact of the attacks. Organizations should apply the patches promptly and remain vigilant against such sophisticated threats.
