1.0 Introduction
Recently, Ivanti released security updates to address vulnerabilities in its products including Ivanti Neurons for MDM and Ivanti Secure Access Client (ISAC).
2.0 Impact
These vulnerabilities, if exploited, cloud led to remote authenticated attacker with admin privileges to retain their session and escalate their privileges.
3.0 Affected Products
- Ivanti Secure Access Client (ISAC) versions 22.77R3 and prior
- Ivanti Neurons for MDM (N-MDM) versions R110 and prior
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review
Ivanti Security Release
for more information and apply the necessary updates.
Kindly refer to the following URLs for more information:
- https://forums.ivanti.com/s/article/Security-Advisory-March-2025-Ivanti-Neurons-for-MDM-N-MDM?language=en_US&_gl=1*1z0wikl*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5
- https://forums.ivanti.com/s/article/March-Security-Advisory-Ivanti-Secure-Access-Client-ISAC-CVE-2025-22454?language=en_US&_gl=1*1z0wikl*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5
Generally, Cyber999 advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web:
https://www.mycert.org.my
5.0 References
- https://www.ivanti.com/blog/topics/security-advisory
- https://forums.ivanti.com/s/article/March-Security-Advisory-Ivanti-Secure-Access-Client-ISAC-CVE-2025-22454?language=en_US&_gl=1*1z0wikl*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5
- https://forums.ivanti.com/s/article/Security-Advisory-March-2025-Ivanti-Neurons-for-MDM-N-MDM?language=en_US&_gl=1*1z0wikl*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5