Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17)
Summary
Ivanti recently released a security advisory for two critical vulnerabilities in its Connect Secure, Policy Secure and ZTA gateway products.
If left unpatched, these vulnerabilities could enable a potential attacker to compromise enterprise infrastructure.
Palo Alto Networks has developed protections for these vulnerabilities and SHA signatures for known threat actor tooling.
We expect these signatures to grow in size and significance in the near term based on the high quality of the IoCs reported by third parties.
Unit 42 has also identified a cluster of activity in the wild using the RCE vulnerability.
Specifically, we observed a threat actor’s use of a Perl script to harvest credentials from an affected Ivanti appliance, likely to move laterally into the victim environment.
We have developed a set of YARA rules for these findings.
Customers should patch these vulnerabilities immediately and should contact Unit 42 or their Palo Alto Networks sales representative for more information.