Hackers Exploit Ivanti Connect Secure 0-Day to Deploy DslogdRAT and Web Shell


Threat actors exploited a zero-day vulnerability in Ivanti Connect Secure, identified as CVE-2025-0282, to deploy malicious tools including a web shell and a sophisticated remote access trojan (RAT) named DslogdRAT.

According to a detailed analysis by JPCERT/CC, these attacks underscore the persistent and evolving risks surrounding Ivanti products, which have become a frequent target for cybercriminals.

The deployment of such malware through unpatched vulnerabilities highlights the critical need for organizations to prioritize timely updates and robust monitoring to mitigate potential breaches.

The attackers initially installed a web shell written in Perl, which operates as a CGI script to process incoming HTTP requests.

[Figure: a part of the web shell]

This script specifically checks for a hardcoded token in the Cookie header (DSAUTOKEN=af95380019083db5) and, upon validation, executes arbitrary commands passed through a request parameter.
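A defender-side check for the indicator described above, as an added example that is not from the original article or the JPCERT/CC analysis: it scans web or proxy logs for requests carrying the hardcoded cookie pair. The log layout (combined format with the Cookie header appended as a final quoted field), the sample lines, and the function names are assumptions constructed for illustration.

```python
import re

# Indicator from the article: cookie name and value the web shell checks for.
IOC_NAME, IOC_VALUE = "DSAUTOKEN", "af95380019083db5"

# Assumed layout: combined log format plus the Cookie header as a last quoted field.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cookie>[^"]*)"$'
)

def parse_cookies(header):
    """Split a Cookie header into {name: value}, tolerating stray whitespace."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name.strip()] = value.strip()
    return cookies

def find_webshell_hits(lines):
    """Return one record per request that carries the exact IoC cookie pair."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # unparseable line: skip rather than guess
        if parse_cookies(m["cookie"]).get(IOC_NAME) == IOC_VALUE:
            hits.append({k: m[k] for k in ("src", "ts", "method", "uri", "status")})
    return hits

# Constructed sample lines (documentation IP ranges, placeholder paths and parameters).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /placeholder.cgi?p=1 HTTP/1.1" 200 512 "-" "curl/8.0" "session=abc; DSAUTOKEN=af95380019083db5"',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0" "session=def"',
    '198.51.100.8 - - [01/Jan/2025:10:00:09 +0000] "GET /placeholder.cgi HTTP/1.1" 403 0 "-" "Mozilla/5.0" "DSAUTOKEN=0000000000000000"',
    '192.0.2.11 - - [01/Jan/2025:10:01:00 +0000] "POST /placeholder.cgi HTTP/1.1" 200 64 "-" "-" "  DSAUTOKEN = af95380019083db5 ;other=1"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for hit in find_webshell_hits(SAMPLE_LOG):
        print(hit)
```

Many default access-log configurations do not record the Cookie header, so this check only applies where a proxy, WAF, or packet capture has preserved it.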

Technical Breakdown of DslogdRAT and Web Shell Operations

This rudimentary yet effective backdoor likely served as ...


Copyright of this story solely belongs to gbhackers.