216.73.216.204

Threat Brief: CVE-2025-0282 and CVE-2025-0283

· Published 17/01/2025 17:17 · Modified 17/01/2025 17:54

Export JSON

Essential information

Published
17/01/2025 17:17
Modified
17/01/2025 17:54
Tags
2025-01-17 CVE-2025-0282 CVE-2025-0283 ivanti
Related entities
14 observables, 1 intrusion sets (apt), 8 techniques (mitre), 3 malware

Description

Two critical vulnerabilities in Connect Secure, Policy Secure and ZTA gateway products have been discovered. allows remote code execution, while enables privilege escalation. Attacks exploiting have been observed in the wild, involving initial access, credential harvesting, lateral movement, defense evasion, and persistence. Attackers used custom tools like SPAWNMOLE, SPAWNSNAIL, and SPAWNSLOTH. The activity cluster CL-UNK-0979 has been identified, potentially linked to UNC5337. Immediate patching and monitoring are strongly recommended. Various Palo Alto Networks products offer protection against these threats.

External references