Hackers are exploiting a new Ivanti VPN security bug to hack into company networks


By admin


US software giant Ivanti has warned that a zero-day vulnerability in its widely used enterprise VPN appliance was exploited to compromise the networks of its corporate customers.

Ivanti said Wednesday that the critical-rated vulnerability, tracked as CVE-2025-0282, can be exploited without any authentication to plant malicious code remotely on Ivanti's Connect Secure, Policy Secure, and ZTA Gateway products. Ivanti says Connect Secure, its remote-access VPN solution, is "the most widely adopted SSL VPN by organizations of every size across every major industry."

This is the latest exploited security vulnerability to target Ivanti's products in recent years. Last year, the tech maker promised to overhaul its security processes after hackers exploited vulnerabilities in several of its products to launch mass hacks against its customers.

The company said it became aware of the latest vulnerability after its Ivanti Integrity Checker Tool (ICT) flagged malicious activity on some customers' appliances.

In an advisory published Wednesday, Ivanti confirmed that threat actors are actively exploiting CVE-2025-0282 "as a zero-day," meaning the company did not have time to fix the vulnerability before it was discovered and exploited, and that it was aware of a "limited number of customers" whose Ivanti Connect Secure appliances had been hacked.

Ivanti said a patch is currently available for Connect Secure, but that patches for Policy Secure and ZTA Gateway, for which exploitation has not been confirmed, won't be released until January 21.

The company said it also discovered a second vulnerability, tracked as CVE-2025-0283, which has not yet been exploited.

Ivanti did not say how many of its customers were affected by the hacks or who was behind the intrusions. Ivanti spokespeople did not respond to TechCrunch's queries by press time.

Incident response firm Mandiant, which discovered the vulnerability with Microsoft researchers, said in a blog post published late Wednesday that its researchers saw hackers exploiting the Connect Secure zero-day in mid-December 2024.

In an email to TechCrunch, Mandiant said it could not attribute the exploitation to a specific threat actor, but that it suspected a China-linked cyberespionage group tracked by the designations UNC5337 and UNC5221. This is the same cluster of threat activity that exploited two Connect Secure zero-day flaws to launch mass hacks against Ivanti customers in 2024, Mandiant said in its Wednesday blog post.

Ben Harris, CEO of security research firm watchTowr Labs, told TechCrunch in an email that the company has seen "massive impact" from this latest Ivanti VPN flaw and is "working around the clock with clients to make sure they're aware."

Harris added that this vulnerability is a significant concern because the attacks "have all the characteristics of [an advanced persistent threat] zero-day use against a mission-critical device," and that everyone is "requested to please take it seriously."

The UK's National Cyber Security Centre said in a statement that it is "investigating active exploitation affecting UK networks." US cybersecurity agency CISA added the vulnerability to its catalog of known exploited vulnerabilities.


