Ivanti Releases February 2025 Security Updates

Three advisories cover vulnerabilities and weaknesses in Ivanti Cloud Services Application (CSA), Ivanti Neurons for MDM, Ivanti Connect Secure, Policy Secure, and Secure Access Client.

Threat ID:: CC-4620
Threat Severity:: Medium
Published:: 12 February 2025 4:41 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Three advisories cover vulnerabilities and weaknesses in Ivanti Cloud Services Application (CSA), Ivanti Neurons for MDM, Ivanti Connect Secure, Policy Secure, and Secure Access Client.

Affected platforms

The following platforms are known to be affected:

Versions: R108 and earlier

Ivanti Neurons for Secure Access

Versions: 22.7R2.5 and below

Ivanti Connect Secure

Versions: 22.7R1.2 and below

Ivanti Policy Secure

Versions: 22.7R4 and below

Ivanti Secure Access (formerly known as Pulse Secure Desktop Client)

Ivanti Endpoint Manager

Threat details

Introduction

Ivanti has released three security advisories in the February Security Update, which addresses vulnerabilities in Ivanti products.

In the first advisory, two vulnerabilities were identified in Ivanti Cloud Services Application (CSA). The Ivanti CSA is an Internet appliance that provides secure communication and functionality over the Internet. It falls under the primary product of Ivanti Endpoint Manager, but security fixes are maintained separately. CVE-2024-47908 is a critical OS command injection vulnerability with a CVSSv3 9.1. Successful exploitation of CVE-2024-47908 could allow a remote authenticated attacker to achieve remote code execution (RCE).

The second advisory addresses a weakness in Ivanti Neurons for MDM (N-MDM), which could allow an attacker to gain incorrect privilege assignment. Ivanti Neurons for MDM is a Unified Endpoint Management (UEM) enabling secure access to data and apps on any endpoint. The cloud service was automatically updated as of January 17, 2025, and there are no additional actions for customers to take.

The last advisory addresses eight vulnerabilities, which affect Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC), which provide virtual private network (VPN), network access control, and security monitoring functionality. The three critical vulnerabilities are designated as CVE-2025-22467, CVE-2024-38657, and CVE-2024-10644. Exploitation of these vulnerabilities could lead to RCE or allow an attacker with admin privileges to write arbitrary files.

Remediation advice

Affected organisations are encouraged to review the Ivanti February Security Update and apply the relevant security updates as soon as practicable. The advisories described above are listed in the remediation steps below.

Remediation steps

Type	Step
Patch	Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771) https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-47908-CVE-2024-11771?language=en_US
Guidance	N-MDM - Security Advisory Ivanti Neurons for MDM (N-MDM) https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-MDM-N-MDM?language=en_US
Patch	February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US

Definitive source of threat updates

https://www.ivanti.com/blog/february-security-update

CVE Vulnerabilities

Status Published

CVE-2024-47908

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Status Published

CVE-2024-11771

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

Status Reserved

CVE-2024-38657

Status Published

CVE-2025-22467

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.

Status Published

CVE-2024-10644

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Status Published

CVE-2024-13813

Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

Status Published

CVE-2024-13843

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

Status Published

CVE-2024-13842

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

Status Published

CVE-2024-13830

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

Status Published

CVE-2024-12058

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

Last edited: 12 February 2025 4:42 pm