CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0282 |
Description: Written by: John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov, Dhanesh Kizhakkinan, Jacob Thompson
Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more indicators, detections, and information to this blog post as needed.
On Wednesday, Jan. 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network.
Ivanti and its affected customers identified the compromise based on indications from the company-supplied Integrity Checker Tool (“ICT”) along with other commercial security monitoring tools. Ivanti has been working closely with Mandiant, affected customers, government partners, and security vendors to address these issues. As a result of their investigation, Ivanti has released patches for the vulnerabilities exploited in this campaign and Ivanti customers are urged to follow the actions in the Security Advisory to secure their systems as soon as possible.
Mandiant is currently performing analysis of multiple compromised Ivanti Connect Secure appliances from multiple organizations. The activity descri...
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 9th, 2025 (6 months ago)
|
|
CVE-2025-0282 |
Description: Ivanti released security updates to address vulnerabilities (CVE-2025-0282, CVE-2025-0283) in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. A cyber threat actor could exploit CVE-2025-0282 to take control of an affected system.CISA has added CVE-2025-0282 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CISA urges organizations to hunt for any malicious activity, report any positive findings to CISA, and review the following for more information:
Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283)
For all instances of Ivanti Connect Secure, Policy Secure, and ZTA Gateways, see the following steps for general hunting guidance:
Conduct threat hunting actions:
Run the In-Build Integrity Checker Tool (ICT). Instructions can be found here.
Conduct threat hunt actions on any systems connected to—or recently connected to—the affected Ivanti device.
If threat hunting actions determine no compromise:
Factory reset the device and apply the patch described in Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283).
Monitor the authentication or identity management services that could be exposed.
Continue to audit privilege level access accounts.
If threat hunting actions determine compromise:
Report to CISA and Ivanti immediately to start forensic investigation and in...
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 8th, 2025 (6 months ago)
|
|
CVE-2025-0282 |
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-0282 Ivanti Connect Secure Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
CISA urges organizations to apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service
Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283)
CISA Mitigation Instructions for CVE-2025-0282
Organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or (888) 282-0870. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch...
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-53995 |
Description: SickChill is an automatic video library manager for TV shows. A user-controlled login endpoint's next_ parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to settings.DEFAULT_PAGE instead of to the next parameter.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-53995
https://github.com/SickChill/sickchill/pull/8811
https://github.com/SickChill/sickchill/commit/c7128a8946c3701df95c285810eb75b2de18bf82
https://github.com/SickChill/sickchill/blob/846adafdfab579281353ea08a27bbb813f9a9872/sickchill/views/authentication.py#L33
https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill
https://github.com/advisories/GHSA-6gf2-ffq8-gcww
CVSS: LOW (1.9) EPSS Score: 0.05%
January 8th, 2025 (6 months ago)
|
|
CVE-2025-0282 |
Description: Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 8th, 2025 (6 months ago)
|
|
Description: A Threat Actor is Allegedly Selling Unauthorized Access to a Manufacturing Company in Greece
January 8th, 2025 (6 months ago)
|
|
|
Description: A Threat Actor Claims to be Selling Source Code for an ELF Crypter
January 8th, 2025 (6 months ago)
|
|
|
January 8th, 2025 (6 months ago)
|
|
|
Description: The voluntary program is intended to boost consumer confidence in vulnerable IoT devices, but experts want to see vendors held to a higher standard.
January 8th, 2025 (6 months ago)
|
|
|
Description: Cyberattackers injected the NFL Wild Card team's online Pro Shop with malicious code to steal credit-card data from 8,500 fans.
January 8th, 2025 (6 months ago)
|