February 2026 Product Notes: New Test Catalogue & API Scanning experience
Security is often a game of “you don’t know what you don’t know.” At Detectify, we focus on removing that uncertainty. Whether it’s reaching 922 …
A critical vulnerability (CVE-2025-0282) has been identified in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This vulnerability could allow unauthenticated remote attackers to achieve remote code execution (RCE) on affected systems.
Affected Products:
- Ivanti Connect Secure (versions 22.7R2 through 22.7R2.4)
- Ivanti Policy Secure (versions 22.7R1 through 22.7R1.2)
- Ivanti Neurons for ZTA gateways (versions 22.7R2 through 22.7R2.3)
Detection
Detectify Surface Monitoring and Application Scanning customers are already scanning payload-based tests for CVE-2025-0282. The test was launched on January 13, 2025.
How does Detectify test for vulnerabilities?
Detectify Surface Monitoring sends payloads to request headers and URLs (in some cases, query parameters too). When we send a payload and observe something trying to resolve on a domain, we produce a vulnerability finding. In Application Scanning, the Detectify scanning engines crawl customers’ applications followed by extensive fuzzing of all parameters, such as cookies, and query parameters.
Patch availability
Ivanti has released a patch for some affected versions, which can be accessed here.
Check out more content
Introducing Protocol Discovery to stop guessing what’s behind your open ports
Most tools will just tell you that a port is open. We’ve decided that’s not enough. TLDR: We’ve launched Protocol Discovery, a custom-built engine designed …
