At a glance.
- Ivanti patches actively exploited zero-day.
- Attackers target one-click vulnerability affecting GFI KerioControl firewalls.
- Palo Alto Networks patches vulnerabilities affecting its Expedition migration tool.
Ivanti patches actively exploited zero-day.
Ivanti has issued a patch for a Connect Secure remote code execution vulnerability (CVE-2025-0282) that was being exploited as a zero-day, BleepingComputer reports. The flaw also affects Policy Secure and Neurons for ZTA gateways, though the company has only observed exploitation in Connect Secure. Patches for Policy Secure and Neurons for ZTA gateways will be released on January 21st. Rapid7 warns that "[c]ustomers should apply available Ivanti Connect Secure patches immediately, without waiting for a typical patch cycle to occur."
Ivanti discovered the flaw through its Integrity Checker Tool (ICT) and has been collaborating with Google's Mandiant and Microsoft's Threat Intelligence Center. Mandiant's CTO Charles Carmakal said in a LinkedIn post that a China-nexus threat actor has been exploiting the vulnerability to deploy malware since at least mid-December 2024.
Ivanti stated, "We strongly advise all customers to closely monitor their internal and external ICT as a part of a robust and layered approach to cybersecurity to ensure the integrity and security of the entire network infrastructure."