Hackers are actively targeting deployments of some Ivanti Inc. software products using a newly discovered security vulnerability.

The company disclosed the exploit, which is tracked as CVE-2025-0282, on Wednesday.

Ivanti is a major provider of infrastructure management and cybersecurity software with more than 40,000 customers. According to the company, those customers include several U.S. government agencies. CVE-2025-0283 affects three Ivanti products: Secure Connect, Neurons for ZTA Gateways and Policy Secure. 

Secure Connect is a virtual private network, or VPN, tool for enterprise. It enables workers to remotely log into their company’s systems via an encrypted connection. Ivanti says that Connect Secure is one of the most widely-used products in its category.

Neurons for ZTA, the second tool affected by the vulnerability, is likewise designed to let workers securely log into business applications. It can be used together with Secure Connect. The third affected product, Policy Secure, enables administrators to centrally manage workers’ access to the corporate network. 

Hackers began exploiting the vulnerability in mid-December, Google LLC’s Mandiant cybersecurity unit detailed in a blog post. Its researchers analyzed several of the Secure Connect appliances that the hackers had breached. On one of the appliances, they discovered a malware strand associated with a China-linked hacking group tracked as UNC5337.

Explore IT Tech News for the latest advancements in Information Technology & insightful updates from industry experts!