Ivanti: February 2025 Security Update

Ivanti February 2025 Security Advisory

Ivanti has released five product updates resolving 11 CVEs, four of which are Critical. The affected products include Ivanti Cloud Service Application, Ivanti Neurons for MDM, Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Secure Access Client. At the time of release, Ivanti is not aware of any exploitation or public discloses for the 11 resolved CVEs.

February 2025 update priorities

• Microsoft Windows is the top priority this month, with three known exploited CVEs, two publicly disclosed vulnerabilities resolved and two Critical CVEs.
• Browsers are a prime target for attackers to target users. While including browsers in your monthly update process is recommended, it leaves a lot of CVEs exposed in between cycles. It’s recommended to move browsers to a weekly Priority Updates cadence. Mozilla Firefox releases two to three times a month. Google Chrome has been releasing security updates weekly since August 2023. The Chromium-based Microsoft Edge has also been releasing weekly. Updating all browsers on a weekly basis is recommended to keep up with the steady stream of security fixes.

Ivanti’s vulnerability management program is a central part of our commitment to security. We employ rigorous testing and validation methodologies to enable swift identification, patching, and disclosure of vulnerabilities in collaboration with the broader security ecosystem. Our priority is to provide responsible and transparent communication to our customers, so they are empowered to defend their environments.

In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have also made enhancements to our responsible disclosure process so that we promptly discover and address potential issues, and so that our customers are best equipped to take action.

Ivanti releases standard security patches on the second Tuesday of every month. For many of our customers, the predictable schedule facilitates better planning and management of IT resources, allowing them to allocate time and personnel efficiently for the timely updates.

Today, fixes have been released for the Ivanti solutions detailed below. It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti products.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Cloud Service Application
• Ivanti Neurons for MDM
• Ivanti Connect Secure, Policy Secure and Secure Access Client

Our Support team is always available to help customers and partners should they have any questions.