New API testing category now available
Our API scanner can test for dozens of vulnerability types like prompt injections and misconfigurations. We’re excited to share today that we’re releasing vulnerability tests …
A critical vulnerability (CVE-2025-0282) has been identified in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This vulnerability could allow unauthenticated remote attackers to achieve remote code execution (RCE) on affected systems.
Affected Products:
- Ivanti Connect Secure (versions 22.7R2 through 22.7R2.4)
- Ivanti Policy Secure (versions 22.7R1 through 22.7R1.2)
- Ivanti Neurons for ZTA gateways (versions 22.7R2 through 22.7R2.3)
Detection
Detectify Surface Monitoring and Application Scanning customers are already scanning payload-based tests for CVE-2025-0282. The test was launched on January 13, 2025.
How does Detectify test for vulnerabilities?
Detectify Surface Monitoring sends payloads to request headers and URLs (in some cases, query parameters too). When we send a payload and observe something trying to resolve on a domain, we produce a vulnerability finding. In Application Scanning, the Detectify scanning engines crawl customers’ applications followed by extensive fuzzing of all parameters, such as cookies, and query parameters.
Patch availability
Ivanti has released a patch for some affected versions, which can be accessed here.
Check out more content
Product update: Dynamic API Scanning, Recommendations & Classifications, and more
We know the importance of staying ahead of threats. At Detectify, we’re committed to providing you with the tools you need to secure your applications …
