Critical Ivanti Vulnerabilities Added to CISA’s KEV Catalog: What You Need to Know

Listen to this Post

Cybersecurity threats continue to evolve, and Ivanti software has once again found itself at the center of critical vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, three of which affect Ivanti Endpoint Management. These vulnerabilities are being actively exploited, posing a serious risk to both federal agencies and private organizations. This article explores these security flaws, their potential impact, and the urgent need for mitigation.

Three Critical Ivanti Vulnerabilities Identified

CISA’s latest advisory, published on March 10, highlights five newly exploited security flaws. Among them, three Ivanti vulnerabilities—CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161—are of particular concern.

  • Nature of the Vulnerabilities: These are absolute path traversal vulnerabilities, allowing remote unauthenticated attackers to leak sensitive information.
  • Severity: Each vulnerability carries a critical CVSS base score of 9.8, making them a high-priority risk.
  • Attack Vectors: These vulnerabilities are commonly exploited by cybercriminals to gain unauthorized access to systems, extract data, or launch further attacks.

CISA has strongly urged organizations beyond the federal sector to take immediate action to mitigate these threats.

A Troubling Trend: Ivanti Vulnerability Exploitations in 2025

This is not the first time Ivanti software has faced security threats this year. In January 2025:

  • CVE-2025-0282, a critical vulnerability in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways, was actively exploited.
  • Later in the month, CISA and the FBI issued warnings about threat actors exploiting multiple chained vulnerabilities in Ivanti Cloud Service Appliances, including CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380.

These repeated security breaches raise serious concerns about the resilience of Ivanti’s software infrastructure.

Additional VeraCode Vulnerabilities in the Spotlight

Beyond Ivanti, CISA’s March 10 advisory also flagged two vulnerabilities affecting VeraCode products:

1. CVE-2024-57968 (Critical, CVSS 9.9):

  • This is an unrestricted file upload vulnerability in Advantive VeraCore.
  • Attackers can remotely upload files to unintended folders, making them accessible during web browsing.

2. CVE-2025-25181 (Medium, CVSS 5.8):

– An SQL injection flaw in Advantive VeraCore.

  • Allows attackers to execute arbitrary SQL commands via the PmSess1 parameter.

While not as severe as the Ivanti vulnerabilities, these flaws still pose a notable risk, especially for organizations using VeraCore products.

What Undercode Say:

The Growing Threat of Path Traversal Attacks

Path traversal vulnerabilities, like the ones found in Ivanti, have been a long-standing security issue. They allow attackers to access unauthorized files by manipulating URL paths. In Ivanti’s case, the fact that these flaws enable unauthenticated access significantly increases the risk of data breaches.

Why Are Ivanti Products Frequent Targets?

Ivanti’s software is widely used in enterprise and government settings, making it an attractive target for cybercriminals. The frequent discovery of vulnerabilities suggests possible weaknesses in their software development lifecycle and security testing practices.

CISA’s KEV Catalog: A Crucial Resource

CISA’s Known Exploited Vulnerabilities catalog plays a critical role in cybersecurity defense:
– It helps organizations prioritize patching for the most actively exploited vulnerabilities.
– Federal agencies are mandated to remediate KEV-listed vulnerabilities within a set timeframe.
– Private enterprises should also follow KEV updates to reduce exposure to cyber threats.

The Role of Zero-Day Exploits

Zero-day vulnerabilities—security flaws exploited before a patch is available—are a growing problem. While Ivanti’s vulnerabilities are now documented, the pattern of repeated exploits suggests that attackers may have been exploiting them as zero-days before discovery.

The Business Impact of Cybersecurity Breaches

For companies relying on Ivanti and VeraCode, these security flaws present major operational and financial risks:
– Regulatory Compliance: Organizations in finance, healthcare, and government must comply with strict data security regulations.
– Reputation Damage: Repeated security incidents can erode trust in Ivanti and its products.
– Financial Losses: Data breaches and ransomware attacks linked to unpatched vulnerabilities can result in significant monetary damages.

Proactive Defense Strategies

To mitigate the risks associated with these vulnerabilities, organizations should:
1. Apply Patches Immediately: Always prioritize updates for KEV-listed vulnerabilities.
2. Use Web Application Firewalls (WAFs): To block common exploit techniques.
3. Perform Regular Security Audits: Identify and address vulnerabilities before attackers can exploit them.
4. Implement Zero-Trust Security: Minimize trust assumptions between systems to limit the impact of breaches.
5. Monitor CISA Advisories: Stay updated on emerging threats and security best practices.

What’s Next for Ivanti?

Ivanti must take a proactive approach to cybersecurity:

  • Enhancing their bug bounty programs to detect vulnerabilities earlier.
  • Investing in secure code development to prevent such flaws from emerging.

References:

Reported By: https://www.infosecurity-magazine.com/news/cisa-kev-ivanti-critical/
Extra Source Hub:
https://www.quora.com
Wikipedia
Undercode AI

Image Source:

Pexels
Undercode AI DI v2

Join Our Cyber World:

💬 Whatsapp
💬 TelegramFeatured Image