Zero-Days in Ivanti Connect Secure and Policy Secure...

Zero-Days in Ivanti Connect Secure and Policy Secure Exploited (CVE-2023-46805, CVE-2024-21887)

On January 10, Ivanti disclosed two zero-day vulnerabilities in its Connect Secure (formerly Pulse Connect Secure) and Policy Secure products:

CVE-2023-46805
CVE-2024-21887

According to Ivanti, zero-day exploitation of these flaws have been observed. Researchers at Volexity identified the zero-day exploitation, adding that first known exploitation began as early as December 3, 2023 and was observed as part of an exploit chain. These flaws have been exploited in limited, targeted attacks against “less than 10 customers” Ivanti said in a knowledge base article.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

Zero-Days in Ivanti Connect Secure and Policy Secure...

Recent Discussions

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Americas

Europe

Asia / Australia