Zero-Day Patch Alert: Ivanti Connect Secure Under Attack

Suspected Chinese Attackers Again Tied to Active Exploitation of VPN Appliances Mathew J. Schwartz (euroinfosec) • January 9, 2025

Internet appliance maker Ivanti has begun releasing updates to patch a zero-day vulnerability being actively exploited by suspected nation-state attackers. Security experts urged users of all affected products to immediately update their devices, after factory resetting them to flush any malware attackers may have installed.

See Also: Securing Your Workforce with Datto RMM: Automating Patching, Hardening, and Backups

On Wednesday, Ivanti pushed an emergency update for its Ivanti Connect Secure - aka Pulse Secure - VPN appliances. The update patches two flaws, including a critical stack-based buffer overflow vulnerability tracked as CVE-2025-0282 that attackers have been exploiting remotely execute code on the devices. The vulnerabilities are present in a range of firmware ...