We have started reporting unpatched Ivanti Connect Secure instances likely vulnerable to the new known to be exploited in the wild CVE-2025-0282.
We see 2048 likely vulnerable instances worldwide on 2025-01-09. Top: US
Dashboard overview by country: https://dashboard.shadowserver.org/statistics/combined/tree/?day=2025-01-09&source=exchange&source=exchange6&source=http_vulnerable&source=http_vulnerable6&tag=cve-2025-0282%2B&geo=all&data_set=count&scale=log
Vulnerable IP data is shared daily for your network/constituency in our https://shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/ tagged 'cve-2025-0282'
If you receive an alert from us, make sure to follow @cisacyber mitigation instructions: https://cisa.gov/cisa-mitigation-instructions-cve-2025-0282
Ivanti patch info: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US
Thank you to @watchtowrcyber for the insights and collaboration!
=> More informations about this toot | More toots from shadowserver@infosec.exchange
Current Ivanti Connect Secure CVE-2025-0282 scanning results: around 800 exposed unpatched devices (IPs) seen as of 2025-01-12 (drop from around 2000 seen 2025-01-09)
CVE-2025-0282 vulnerability tracker: https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=http_vulnerable&source=http_vulnerable6&tag=cve-2025-0282%2B&dataset=unique_ips&style=stacked
=> More informations about this toot | More toots from shadowserver@infosec.exchange
text/geminiThis content has been proxied by September (3851b).