Ivanti Blames Open-Source Code as Zero-Days Mount

Ivanti is facing growing scrutiny after disclosing another set of zero-day vulnerabilities affecting its products, raising fresh concerns about the security vendor’s ability to shield users from targeted cyberattacks. The company attributed the latest exploits to unresolved security flaws in unnamed open-source libraries, distancing its proprietary code from the breaches. However, some cybersecurity researchers are questioning that explanation, suggesting the root cause may be more complex or internal than Ivanti claims.

The disclosure adds to a string of recent incidents involving Ivanti software, increasing pressure on the vendor to provide greater transparency into the nature of the vulnerabilities and the steps it is taking to mitigate risks. While Ivanti maintains that its investigation points solely to third-party components, skepticism from parts of the security community reflects broader unease about the company’s product integrity and vulnerability management. The situation underscores ongoing challenges in securing enterprise software that relies on open-source code.