
Threat Intel Content Update: 1/14/25

  • January 14, 2025

Ivanti VPN Zero-Day Exploit Activity

Threat Content Highlights

Threat Profiles, Objects, & Tags

      • “Trending & Emerging Threats” weekly update: Ivanti VPN Zero-Day Exploit Activity (CVE-2025-0282)
        • Google Cloud security researchers announced that they had observed active exploitation of Ivanti Connect Secure VPN appliances. On January 8, Ivanti disclosed two vulnerabilities in the products, CVE-2025-0282 and CVE-2025-0283, and the researchers revealed that they had identified "zero-day" exploitation of one of them (CVE-2025-0282) dating back to "mid-December" 2024.

          The researchers attributed the exploitation activity to a "China-nexus" actor dubbed UNC5337, which possibly operates as a subcomponent of UNC5221, a broader actor group believed to be behind exploits of two other vulnerabilities in Ivanti VPN and network access control appliances (CVE-2023-46805 and CVE-2024-21887) one year prior.