We have started reporting unpatched Ivanti Connect Secure instances likely vulnerable ...

Why Nostr? What is Njump? Join Nostr

The Shadowserver Foundation

npub1cl…yl628

2025-01-10 08:42:22 UTC

We have started reporting unpatched Ivanti Connect Secure instances likely vulnerable to the new known to be exploited in the wild CVE-2025-0282.

We see 2048 likely vulnerable instances worldwide on 2025-01-09. Top: US

Dashboard overview by country: https://dashboard.shadowserver.org/statistics/combined/tree/?day=2025-01-09&source=exchange&source=exchange6&source=http_vulnerable&source=http_vulnerable6&tag=cve-2025-0282%2B&geo=all&data_set=count&scale=log

Vulnerable IP data is shared daily for your network/constituency in our https://shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/ tagged 'cve-2025-0282'

If you receive an alert from us, make sure to follow CISA Cyber (npub1e4q…v25r) mitigation instructions: https://cisa.gov/cisa-mitigation-instructions-cve-2025-0282

Ivanti patch info: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US

Thank you to watchTowr (npub1r4a…u230) for the insights and collaboration!

Author Public Key

npub1cla6jlqwtg3hhhqlg7rdz0lxtgfr0u5ee6vndqr0pzdtszzvt9gsyyl628

Seen on

wss://relay.momostr.pink

Show more details

Published at

2025-01-10 08:42:22 UTC

Kind type

1 Short Text Note

Event JSON

{ "id": "df5e0b4d537a07184926daaf369c343cf01e91fc1314d80be71b8325563bad2e", "pubkey": "c7fba97c0e5a237bdc1f4786d13fe65a1237f299ce9936806f089ab8084c5951", "created_at": 1736498542, "kind": 1, "tags": [ [ "p", "cd4188588f56c1a1cca91ca94469ff05f8093fcab2e54cae5094248ccfb9e9b3" ], [ "p", "1d7b1c0257bbf4bd8f263d60b8b94fabfdce022ea815ba323bc70fa4a44dfe2e" ], [ "proxy", "https://infosec.exchange/@shadowserver/113803168454472005", "web" ], [ "imeta", "url https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/803/168/018/245/815/original/89dbf4e1908ef781.png", "m image/png" ], [ "proxy", "https://infosec.exchange/users/shadowserver/statuses/113803168454472005", "activitypub" ], [ "L", "pink.momostr" ], [ "l", "pink.momostr.activitypub:https://infosec.exchange/users/shadowserver/statuses/113803168454472005", "pink.momostr" ], [ "-" ] ], "content": "We have started reporting unpatched Ivanti Connect Secure instances likely vulnerable to the new known to be exploited in the wild CVE-2025-0282.\n\nWe see 2048 likely vulnerable instances worldwide on 2025-01-09. Top: US\n\nDashboard overview by country: https://dashboard.shadowserver.org/statistics/combined/tree/?day=2025-01-09\u0026source=exchange\u0026source=exchange6\u0026source=http_vulnerable\u0026source=http_vulnerable6\u0026tag=cve-2025-0282%2B\u0026geo=all\u0026data_set=count\u0026scale=log\n\nVulnerable IP data is shared daily for your network/constituency in our https://shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/ tagged 'cve-2025-0282'\n\nIf you receive an alert from us, make sure to follow nostr:npub1e4qcsky02mq6rn9frj55g60lqhuqj072ktj5etjsjsjgenaeaxes7jv25r mitigation instructions: https://cisa.gov/cisa-mitigation-instructions-cve-2025-0282\n\nIvanti patch info: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US\n\nThank you to nostr:npub1r4a3cqjhh06tmrex84st3w20407uuq3w4q2m5v3mcu86ffzdlchqj2u230 for the insights and collaboration!\nhttps://media.infosec.exchange/infosec.exchange/media_attachments/files/113/803/168/018/245/815/original/89dbf4e1908ef781.png\n", "sig": "44c6286fba0eafd12543dc7b70a890560b708fa7322e2ebdedbb4476e18a958528f0450a30f14099076d2e6f056edd40b89e1d80f6b19abff4a778018b903593" }