cR0w
@cR0w@infosec.exchange

Ivanti is on the board with their August advisories. But good news!

We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-CVE-2025-8296-CVE-2025-8297

https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Virtual-Application-Delivery-Controller-vADC-previously-vTM-CVE-2025-8310

https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-Multiple-CVEs

#patchTuesday


Marcus Rohrmoser 🌻🌻
@mro@digitalcourage.social

Hi @cR0w@infosec.exchange,
"being not aware" is a competence they sure have high credibility in.

Andrew Golding
@huronbikes@cyberplace.social

@cR0w@infosec.exchange I suppose on the plus side, the RCE/SQL-injection vulnerabilities require authentication. You know, little bit of silver lining on the usual dumpster fire.

da_667
@da_667@infosec.exchange

@cR0w@infosec.exchange cue the dog in the hotdog suit "We're all looking for the guy who did this."

Brandon
@be_far@social.treehouse.systems

@cR0w@infosec.exchange my “we are not aware of any exploitation of these vulnerabilities which we have just disclosed” shirt has a lot of people asking questions already answered by the shirt

cR0w
@cR0w@infosec.exchange
Ian Campbell 🏴🏴
@neurovagrant@masto.deoan.org

@cR0w@infosec.exchange that's some funky wording right there...

cR0w
@cR0w@infosec.exchange

@huronbikes@cyberplace.social Agreed. As far as Ivanti vulns go, this is nothing. But the wording of the (dis)claimer was interesting.

cR0w
@cR0w@infosec.exchange

@neurovagrant@masto.deoan.org Reeks of Legal

K. Reid Wightman :verified: 🌻🌻 :donor: :clippy:
@reverseics@infosec.exchange

@cR0w@infosec.exchange @neurovagrant@masto.deoan.org

Krypt3ia
@krypt3ia@infosec.exchange

@cR0w@infosec.exchange Schroedinger's Logs

sigi714
@sigi714@ruhr.social

@cR0w@infosec.exchange

Andrew Golding
@huronbikes@cyberplace.social

@cR0w@infosec.exchange "as far as we know (never mind we know very little), everything is fine!"

cR0w
@cR0w@infosec.exchange

@huronbikes@cyberplace.social

massive bong rip

Do any of us
really know anything though?

RootWyrm 🇺🇦🇺🇦:progress:
@rootwyrm@weird.autos

@cR0w@infosec.exchange @huronbikes@cyberplace.social
The people left at Ivanti:
<massive bong rip> Who knows? Who
cares?

Andrew Golding
@huronbikes@cyberplace.social

@cR0w@infosec.exchange look, I only really know what our PR firm knows and they seem to know quite a lot and I'm sure none of it is made up because they are very serious and we pay them in coke, or at least we did before I kept the coke for myself and outsourced the thinking to a chatbot.