CoStar Group's Response to Ivanti Connect Secure Vulnerability (CVE-2025-0282)

Trust Center

Start your security review
View & download sensitive information
Search items
ControlK

Customer trust through continual product availability and information integrity is the guiding principle of CoStar Group's Information Security Program.

Our Chief Technology Officer and Vice President of Cybersecurity oversee teams, strategies and programs to protect, employees, customers and information in accordance with all applicable laws and industry-leading practices.

Our global information security program is fundamentally aligned with ISO 27001 and aligned with the European Union's General Data Protection Regulation (GDPR).

All our payment card impacted products and applications comply with PCI DSS Level 2 requirements. Our CoStar Risk Analytics and CoStar Real Estate Manager services maintain SOC 1, Type 2 attestation reports. Additionally, our CoStar Real Estate Manager and CoStar for Lenders services maintain SOC 2, Type 2 attestation reports.

Documents

Featured Documents

POLICIESCode of Conduct

Self-Assessments

We are working on our security compliance. We can provide completed questionnaires upon request.

Reports

We may provide security-related reports upon request.

Knowledge Base (FAQ)
    Are CoStar Group employees required to undergo background investigations?
    What is CoStar Group's entity structure and how does that affect the delivery of services to clients?
    Does CoStar Group maintain cyber insurance coverage?
    Are there any pending litigation or regulatory matters which may prevent CoStar Group from providing services to clients?
    Has CoStar Group conducted an OFAC screen on vendor and vendor's beneficial owners (25%>) and obtained a negative Office of Foreign Asset Control (OFAC) hit result?
View more
Trust Center Updates

CoStar Group's Response to Ivanti Connect Secure Vulnerability (CVE-2025-0282)

Vulnerabilities
Copy link

On January 8, 2025, CoStar Group learned of a vulnerability associated with the Ivanti Connect Secure product (CVE-2025-0282). CoStar Group uses the Ivanti Connect Secure application to support some remote access cases. CoStar Group took immediate steps to review the vulnerability and its presence in CoStar Group's environment.

As of January 9, 2025, CoStar Group has fully remediated the vulnerability. CoStar Group performed an investigation and found no signs of compromise or unauthorized access related to this vulnerability.

CoStar Group continues to monitor guidance from the Cybersecurity and Infrastructure Security Agency, Ivanti, the company's third parties, and other leading cybersecurity authorities regarding the Connect Secure application. Please monitor the company's Trust Center for additional updates, as required.

Published at N/A

If you need help using this Trust Center, please contact us.

Contact Support

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo