Ivanti has released safety updates to address multiple safety defects that affect Connect Secure (ICS) and Policy Secure (IPS) and the application of cloud services (CSA) that can be used to achieve the implementation of arbitrary software.
List of weakness below –
CVE-2024-38657 (CVSS Score: 9.1)-External control in a file name in Ivanti Connect Secure before version 22.7R2.4 and IVANTI policy is safe before version 22.7R1.3 allows to attack a distance ratification with the official privileges to write arbitrary files to write arbitrary files To write CVE-2025-22467 (CVSS Score: 9.9)-A temporary store on the Ivanti Connect Secure before version 22.7R2.6 allows the attacker approved from the remote implementation of the CVE-2024-10644 (CVSS Score: 9.1) -Code injection in Ivanti Connect Secure before version 22.7R2.4 and safe Ivanti policy before version 22.7R1.3 allows a distance certified striker with the officials' privileges to implement a CVE-2024-47908 (CVSS Score: 9.1)-The operating system allows IVANTI CSA injection unit on the IVANTI CSA before version 5.0.5 to attack a distance ratification with the officials' privileges to achieve the implementation of the remote symbol
The shortcoming versions of the versions were treated below –
Ivanti Connect Secure 22.7R2.6 Ivanti Policy Secure 22.7R1.3 Ivanti CSA 5.0.5
The company said it is not aware of any of the defects that are exploited in the wilderness. However, with iVanti devices over and over again by harmful actors, it is necessary for users to take steps to apply the latest corrections.
JPCERT/CC revealed, in today's publication report, that she noticed Cve-2025-0282-the ability to immunity now that affects Ivanti Connect Secure- which is used to present an updated version of the damaged software framework called Spawnchimra.
“Spawnchimra is harmful programs that combine the updated jobs from SPAWNANT, SPAWNMOLE and SPAWNALIL in one.” In an attempt to prevent other actors from exploiting them.
Ivanti also admitted that its products “were targeted and exploited through the attacks of the developed threat representative” and that it is making efforts to improve its programs, implement safe principles of design, and raise the tape for possible abuse by opponents.
“Although these products are not the ultimate goal, they are increasingly the way in which national state groups are well focused on their effort in trying to espionage campaigns against very high -value organizations,” said Ivanti CSO Daniel Spicer.
“We have improved internal scanning, manual exploitation, testing capabilities, increasing cooperation and exchanging information with the ecosystem of safety, and increased the strengthening of our responsible disclosure, including becoming a CVE numbering salad.”
This development comes at a time when bishop Fox released full technical details about a security defect now in Sonicwall Sonicos (Cve-2024-53704) that can be used to overcome the ratification of the walls of protection and allow the attackers to kidnap the active SSL VPN sessions in order to obtain access.
As of February 7, 2025, it remains approximately 4,500 SSINWLL SSL SSL VPN servers that are not compressed against Cve-2024-53704.
In a similar step, AKAMAI published its discovery of the weakness of Fortinet Fortios (CVE-2024-46666 and Cve-2024-46668) that the unbelievable striker can exploit to achieve the rejection of the service (DOS) and implement the code remotely. Fortinet defects were resolved on January 14, 2025.
Fortinet has already reviewed her consultant Cve-2014-55591 to highlight another defect that has been tracked as CVE-2025-24472 (8.1) CVSS SCORE: 8.1 which may lead to an authentication in Fortius and Fortiproxy devices via CSF CRACED application specifically.
The company has strengthened Watchtowr Labs Sonny Macdonald to discover and report the defect. It should be noted that the weakness has already been corrected alongside the Cve-2024-55591, which means that there is no customer procedure if repairs are already applied to the latter.
“Both cover the same weakness, but at a different end point,” Benjamin Harris, CEO of Watchtowr, told the Hacker News. “There is one administrative interface, however this management interface has three sub -facades effectively.
“The original Cve-2024-55591 has been determined to exceed the approval in only one of these sub-facads. The new” CVE “” revealed “revealed yesterday reflects the same bypassing the approval in a different sub-interface. The root cause is the same and the same correction solves CVE-2025-24472. “
(The story was updated after publishing to include a response from Watchtowr Labs.)
