CISA Urges All Organizations to Patch Exploited Critical Ivanti Flaws
Three critical vulnerabilities in Ivanti software have recently been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog.
In a new security advisory published on March 10, CISA added five new flaws to its KEV catalog, three of which are affecting Ivanti’s Endpoint Management.
This means the agency has observed exploitation of these vulnerabilities in the wild.
All three, CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161, are absolute path traversal vulnerabilities allowing a remote unauthenticated attacker to leak sensitive information.
They are all critical, with a CVSS score base of 9.8 each.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in the advisory.
Although CISA’s KEV is primarily designed for US federal agencies, the cybersecurity authority “urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation.”
Ivanti Vulnerability Exploitations in 2025
This is not the first time in 2025 that Ivanti vulnerabilities have been exploited in the wild.
In early January, Microsoft and Google Cloud’s Mandiant detected exploitation of CVE-2025-0282, a critical vulnerability affecting Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways.
In late January, CISA and the FBI warned that threat actors were actively exploiting chained vulnerabilities – CVE-2024-8963, CVE-2024-9379, CVE-2024-8190 and CVE-2024-9380 – in Ivanti Cloud Service Appliances.
VeraCore Flaws Added to CISA KEV
In the March 10 advisory, CISA also warned that two other vulnerabilities, both affecting VeraCore products, are being exploited in the wild.
The first, CVE-2024-57968, is an unrestricted file upload vulnerability affecting Advantive VeraCore. When exploited, an attacker can remotely upload files to unintended folders, such as those accessible during web browsing by other users. It is a critical vulnerability, with a CVSS base score of 9.9.
The second, CVE-2025-25181, is an SQL injection flaw that also affects Advantive VeraCore, allowing remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. It is a medium-severity flaw, with a CVSS base score of 5.8.
