A major cyber security incident has rocked the UK’s internet infrastructure: attackers compromised Nominet by exploiting an Ivanti VPN vulnerability.
The UK Internet Domain Registry, Nominet, has confirmed a significant cyber attack targeting their network. The intrusion, discovered late last week, exploited a critical zero-day vulnerability in third-party VPN software provided by Ivanti. This software, Ivanti Connect Secure, is used by Nominet employees for remote system access.
Exploiting Zero-Day Ivanti VPN Vulnerability
The attack leveraged two zero-day vulnerabilities, CVE-2025-0282 and CVE-2025-0283, both identified in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. The National Cyber Security Centre (NCSC) issued an urgent bulletin urging organizations to take immediate action to mitigate these vulnerabilities.
- CVE-2025-0282: A stack-based buffer overflow vulnerability in versions of Ivanti Connect Secure prior to 22.7R2.5, Ivanti Policy Secure prior to 22.7R1.2, and Ivanti Neurons for ZTA gateways prior to 22.7R2.3. It allows a remote, unauthenticated attacker to achieve remote code execution.
- CVE-2025-0283: Another stack-based buffer overflow vulnerability affecting the same versions of Ivanti software as CVE-2025-0282. Unlike CVE-2025-0282, it allows a local, authenticated attacker to escalate their privileges.
Google Cloud also published a detailed advisory providing further context on these critical vulnerabilities. Ivanti themselves acknowledged “active exploitation” of their software, noting that attacks began in mid-December 2024.
Nominet’s Response to the Cyber Attack
Nominet has assured customers that, despite the unauthorised intrusion, there’s currently no evidence of data breaches or leakage. Their statement emphasizes the immediate implementation of additional safeguards, including restricted VPN access to their systems. The company highlights their existing robust security measures, such as restricted access protocols and firewalls, which helped contain the damage.
“We want to update you about an ongoing security incident that is currently under investigation,” a Nominet customer notice reads.
“The entry point was through third-party VPN software supplied by Ivanti that enables our people to access systems remotely. However, we currently have no evidence of data breach or leakage. We already operate restricted access protocols and firewalls to protect our registry systems. The unauthorised intrusion into our network exploited a zero-day vulnerability.”
Nominet has reported the incident to the relevant authorities, including the NCSC, and is working with external experts to investigate the full extent of the attack. They have implemented patches provided by Ivanti to address the vulnerabilities and assure customers that domain registration and management systems continue to operate normally. The company will provide further updates as the investigation progresses.
The Wider Impact of the Ivanti Vulnerability
This incident highlights the serious security risks posed by vulnerabilities in widely used VPN software. This is not the first time Ivanti’s VPN solution has faced significant security issues, raising concerns about the broader impact of this zero-day exploit. Previous incidents have even involved alleged exploitation by Chinese state-sponsored threat actors. Organizations using Ivanti’s VPN services are strongly urged to apply the necessary patches immediately. The UK Nominet cyber attack serves as a stark reminder of the importance of proactive security measures and prompt patching to protect against sophisticated cyber threats.