diff --git a/docs/advisories/20250109001-Ivanti-Known-Exploited-Vulnerability.md b/docs/advisories/20250109001-Ivanti-Known-Exploited-Vulnerability.md
new file mode 100644
index 00000000..8b8c3f79
--- /dev/null
+++ b/docs/advisories/20250109001-Ivanti-Known-Exploited-Vulnerability.md
@@ -0,0 +1,31 @@
+# Ivanti Vulnerability Known Active Exploitation - 20250109001
+
+## Overview
+
+Ivanti have released an advisory that addresses vulnerabilities impacting multiple products. Successful exploitation could lead to unauthenticated remote code execution, and allow a local authenticated attacker to escalate privileges.
+
+Ivanti is aware of active exploitation in the wild.
+
+## What is vulnerable?
+
+| CVE | Product(s): Version(s) Affected | CVSS | Severity |
+| --- | ---------------------------------- | ---- | -------- |
+| [CVE-2025-0282](https://nvd.nist.gov/vuln/detail/CVE-2025-0282) | - Ivanti Connect Secure: **22.7R2 through 22.7R2.4**
- Ivanti Policy Secure: **22.7R1 through 22.7R1.2**
- Ivanti Neurons for ZTA gateways: **22.7R2 through 22.7R2.3** | 9.0 | **Critical** |
+| [CVE-2025-0283](https://nvd.nist.gov/vuln/detail/CVE-2025-0283) | - Ivanti Connect Secure: **22.7R2.4 and prior**
- Ivanti Connect Secure: **9.1R18.9 and prior**
- Ivanti Policy Secure: **22.7R1.2 and prior**
- Ivanti Neurons for ZTA gateways: **22.7R2.3 and prior** | 7.0 | High |
+
+## What has been observed?
+
+Ivanti is aware of active exploitation in the wild.
+CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog.
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Ivanti Advisory:
+
+### Additional Resources
+
+- CISA Advisory:
+- BleepingComputer: