
Ivanti Patches Critical Bugs in Multiple Products

The flaws affect Connect Secure, Policy Secure, Secure Access Client, and Cloud Services Application

Ivanti has released patches for a series of critical vulnerabilities in several of its products, including Connect Secure, Policy Secure, Secure Access Client, and Cloud Services Application. None of the vulnerabilities is known to have been exploited at this point. 

CVEs: CVE-2024-47908, CVE-2024-11771, CVE-2024-38657, CVE-2025-22467, CVE-2024-10644

Why It Matters: Ivanti products are favorite targets for attackers, especially the Connect Secure and Policy Secure products. Several of the vulnerabilities can lead to remote code execution, while others can lead to arbitrary file writes or command injection. 

Key Details

  • Both CVE-2024-47908 and CVE-2024-11771 affect the Ivanti Cloud Services Application. “Successful exploitation of CVE-2024-47908 could allow a remote authenticated attacker to achieve remote code execution and CVE-2024-11771 could allow a remote unauthenticated attacker to access restricted functionality,” the advisory says.

  • CVE-2024-38657, CVE-2025-22467, and CVE-2024-10644 all affect Connect Secure, Policy Secure, and Secure Access Client. All of these vulnerabilities are rated critical, but the most serious of the three is CVE-2025-22467, which is a stack buffer overflow that can lead to remote code execution.

  • Ivanti also released patches for five other vulnerabilities, four of which are rated medium, and one that’s rated high. The high-severity bug is an issue with permissions that can allow a local attacker to delete arbitrary files. 

In related Ivanti news, researchers at Japan’s CERT released an analysis of some newly discovered malware that is being used by attackers who are exploiting CVE-2025-0282, a vulnerability in Connect Secure that was disclosed in January. The malware is dubbed Spawnchimera and is an updated version of the existing Spawn malware family. “SPAWNCHIMERA is a malware that has updated the functions of SPAWNANT, SPAWNMOLE, and SPAWNSNAIL and has made them into one. Therefore, there is no significant difference between the malware installation method and the injection method into other processes and the behavior of the SPAWN family reported by Google,” the JP CERT advisory says.

Organizations running vulnerable versions of any of the affected Ivanti products should update to the latest versions as soon as possible.