A Vulnerability in Ivanti Products Could Allow for Remote Code Execution

Post author:Cyber Security Advisories - MS-ISAC
Post published:April 3, 2025

A Vulnerability has been discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways which could allow for remote code execution.

Ivanti Connect Secure (formerly Pulse Connect Secure) is a widely deployed SSL VPN solution that provides secure and controlled access to corporate data and applications for remote and mobile users, offering features like single sign-on, multi-factor authentication, and integration with various security frameworks.
Ivanti Policy Secure (IPS) is a Network Access Control (NAC) solution that provides network access only to authorized and secured users and devices, offering comprehensive NAC management, visibility, and monitoring to protect networks and sensitive data.
Ivanti Neurons for Zero Trust Access (ZTA) Gateway is a component of Ivanti's zero-trust network access solution

Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.

Share my story Share this content

You Might Also Like

Adobe Releases Security Updates for Multiple Products

Multiple Vulnerabilities in PTC Axeda Agent and Axeda Desktop Server Could Allow for Remote Code Execution

Share this content