Company
Date Published
Author
Detectify
Word count
162
Language
-
Hacker News points
None

Summary

A critical vulnerability, CVE-2025-0282, has been discovered in Ivanti's Connect Secure, Policy Secure, and ZTA Gateways that could allow an unauthenticated remote attacker to execute code on affected systems. The flaw impacts specific versions of these products, and Detectify Surface Monitoring has been running payload-based tests to detect the vulnerability since January 13, 2025. Detectify identifies vulnerabilities with techniques such as sending payloads in request headers and URLs, and its Application Scanning involves extensive crawling and fuzzing of application parameters. Ivanti has released patches for some affected versions to address this issue.