WASHINGTON D.C., January 9, 2025 – A global security flaw in Ivanti software (CVE-2025-0282) exploited by China-linked hackers forces CISA to mandate emergency patches by January 15, 2025.
A critical security vulnerability in Ivanti’s widely used software is wreaking havoc globally, with federal agencies racing against time to patch the flaw. The vulnerability, tracked as CVE-2025-0282, allows attackers to remotely execute code, compromising sensitive systems and data.
The flaw has already been exploited by China-linked threat actors, as confirmed by cybersecurity firm Mandiant. These attackers deployed advanced malware frameworks like SPAWN, PHASEJAM, and DRYHOOK, targeting Ivanti Connect Secure, Policy Secure, and ZTA Gateway appliances.
Alarmingly, these malicious tools enable attackers to disable logs, modify system upgrades, and harvest credentials, posing severe risks to organizational security. A cybersecurity expert said:
CVE-2025-0282 is a wake-up call for global cybersecurity. The speed and sophistication of these attacks highlight the urgency for robust defenses.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included CVE-2025-0282 in its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are now mandated to apply patches by January 15, 2025, as organizations scramble to detect signs of compromise. Ivanti has assured swift action, stating:
We’ve secured the system and worked promptly to develop a fix.
Mandiant’s investigation reveals that the attackers employed undocumented malware to infiltrate networks and exfiltrate critical data. Affected states, including California and New York, are urging local agencies to bolster cybersecurity measures.
This incident serves as another stark reminder of the vulnerabilities inherent in our connected world, underscoring the pressing need for cybersecurity vigilance.
Other News At VPNRanks
Hey, wait!
Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life.
