cR0w
@cR0w@infosec.exchange

Ivanti is on the board with their August advisories. But good news!

We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-CVE-2025-8296-CVE-2025-8297

https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Virtual-Application-Delivery-Controller-vADC-previously-vTM-CVE-2025-8310

https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-Multiple-CVEs

#patchTuesday

Andrew Golding
@huronbikes@cyberplace.social

@cR0w@infosec.exchange I suppose on the plus side, the RCE/SQL-injection vulnerabilities require authentication. You know, little bit of silver lining on the usual dumpster fire.


cR0w
@cR0w@infosec.exchange

@huronbikes@cyberplace.social Agreed. As far as Ivanti vulns go, this is nothing. But the wording of the (dis)claimer was interesting.

Andrew Golding
@huronbikes@cyberplace.social

@cR0w@infosec.exchange "as far as we know (nevermind we know very little), everything is fine!"

cR0w
@cR0w@infosec.exchange

@huronbikes@cyberplace.social

massive bong rip

Do any of us really know anything though?

RootWyrm 🇺🇦🇺🇦 :progress:
@rootwyrm@weird.autos

@cR0w@infosec.exchange @huronbikes@cyberplace.social
The people left at Ivanti:
<massive bong rip> Who knows? Who cares?

Andrew Golding
@huronbikes@cyberplace.social

@cR0w@infosec.exchange look, I only really know what our PR firm knows and they seem to know quite a lot and I'm sure none of it is made up because they are very serious and we pay them in coke, or at least we did before I kept the coke for myself and outsourced the thinking to a chatbot.