Threat Brief: CVE-2025-0282 and CVE-2025-0283

Ivanti Connect Secure, Policy Secure, and ZTA gateway products contain two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, that allow remote code execution and privilege escalation. Attackers are exploiting CVE-2025-0282 to gain access to internal networks, using tools like ldap.pl for credential harvesting and persistence mechanisms like SPAWNMOLE and SPAWNSNAIL. Palo Alto Networks recommends applying Ivanti’s patch and using Palo Alto Networks products for protection.
