Security News > 2024 > April > Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks
While Ivanti said the remote code execution risks are limited to "Certain conditions," the company didn't provide details on the vulnerable configurations.
"We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure," Ivanti added.
Shodan, a search engine used to discover Internet-exposed services and devices, currently tracks over 29,000 Ivanti Connect Secure VPN gateways exposed online, while threat monitoring platform Shadowserver sees over 18,000.
Nation-state actors have been exploiting multiple vulnerabilities in Ivanti software this year, and thousands of Ivanti Connect Secure and Policy Secure endpoints are still at risk.
In response, the U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive to federal agencies ordering them to secure their Ivanti systems against attacks using the zero-day flaws.
The directive was later amended to require agencies to disconnect vulnerable Ivanti VPN appliances and rebuild them with patched software before bringing them back online.
News URL
Related news
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- SonicWall SMA VPN devices targeted in attacks since January (source)
- Active! Mail RCE flaw exploited in attacks on Japanese orgs (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans (source)