Infinite payloads? The future of API Testing with dynamic fuzzing
What if we told you that our newly released API Scanner has 922 quintillion payloads for a single type of vulnerability test? A quintillion is …
A critical vulnerability (CVE-2025-0282) has been identified in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This vulnerability could allow unauthenticated remote attackers to achieve remote code execution (RCE) on affected systems.
Affected Products:
- Ivanti Connect Secure (versions 22.7R2 through 22.7R2.4)
- Ivanti Policy Secure (versions 22.7R1 through 22.7R1.2)
- Ivanti Neurons for ZTA gateways (versions 22.7R2 through 22.7R2.3)
Detection
Detectify Surface Monitoring and Application Scanning customers are already scanning payload-based tests for CVE-2025-0282. The test was launched on January 13, 2025.
How does Detectify test for vulnerabilities?
Detectify Surface Monitoring sends payloads to request headers and URLs (in some cases, query parameters too). When we send a payload and observe something trying to resolve on a domain, we produce a vulnerability finding. In Application Scanning, the Detectify scanning engines crawl customers’ applications followed by extensive fuzzing of all parameters, such as cookies, and query parameters.
Patch availability
Ivanti has released a patch for some affected versions, which can be accessed here.
Check out more content
Introducing Dynamic API Scanning
Application environments are more complex than ever, with APIs forming the critical connective tissue. But this proliferation has created a vast, often invisible, attack surface. …
