Ivanti’s Path of Destruction: Critical Vulnerabilities Rock 2025 Cybersecurity Scene
Ivanti software is under siege, with three path traversal vulnerabilities being exploited in the wild, now spotlighted in CISA’s Known Exploited Vulnerabilities catalog. These critical flaws, each scoring a whopping 9.8 on the CVSS scale, allow cyber actors to snoop around sensitive data like it’s their side hustle. Stay vigilant, world!

Hot Take:
Ivanti’s software is proving to be a prime target for hackers, with vulnerabilities popping up like popcorn in a microwave. It’s like the software can’t help but spill all its secrets, and CISA is the parent trying to mop up the mess. Meanwhile, VeraCode is just trying to join the party with its own set of flaws, proving that bugs truly love company!

Key Points:
- Three Ivanti vulnerabilities, each with a CVSS score of 9.8 and now CISA-approved for chaos, allow attackers to leak sensitive info.
- CISA adds two more VeraCode vulnerabilities to its catalog, one of which is a file upload flaw with a CVSS of 9.9.
- The cybersecurity agency encourages all organizations, not just the feds, to fix these messes pronto.
- Ivanti’s vulnerabilities have been having a busy 2025, with previous exploits detected by Microsoft and Google Cloud’s Mandiant.
- CISA and the FBI have also been warning about Ivanti’s vulnerabilities being chained together for maximum mischief.