Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure
CVE-2025-0282

9CRITICAL

Key Information:

Vendor
Ivanti
Status
Connect Secure
Policy Secure
Neurons For Zta Gateways
Vendor
CVE Published:
8 January 2025

Badges

πŸ”₯ Trending nowπŸ₯‡ Trended No. 1πŸ“ˆ TrendedπŸ“ˆ Score: 31,800πŸ’° RansomwareπŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 15%πŸ¦… CISA ReportedπŸ“° News Worthy

What is CVE-2025-0282?

CVE-2025-0282 is a critical vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways. These products are designed to provide secure access to enterprise applications and resources. This specific vulnerability is a stack-based buffer overflow that could allow a remote, unauthenticated attacker to execute arbitrary code on affected systems. If exploited, this flaw poses a serious risk to organizations as it could potentially lead to unauthorized access to sensitive data and disruption of services.

Technical Details

The vulnerability resides in the code handling within Ivanti’s secure access technologies. Versions prior to 22.7R2.5 for Connect Secure, 22.7R1.2 for Policy Secure, and 22.7R2.3 for Neurons for ZTA gateways are affected. The stack-based buffer overflow leaves the system open to malicious input that can manipulate execution flow, enabling an attacker to run arbitrary commands remotely. This flaw underscores the importance of proper input validation and memory management in software development to prevent similar vulnerabilities.

Potential Impact of CVE-2025-0282

  1. Remote Code Execution: An attacker could exploit the vulnerability to run arbitrary code on the affected devices, leading to complete control over the system.

  2. Data Breaches: Unauthorized access could result in the exposure and theft of sensitive data, impacting organizational confidentiality and compliance with data protection regulations.

  3. Service Disruption: Successful exploitation could allow attackers to manipulate or disrupt services, leading to downtime and loss of operational capabilities, which can be particularly damaging for businesses relying on seamless access to secure applications.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Affected Version(s)

Connect Secure 22.7R2 <= 22.7R2.4

Neurons for ZTA gateways 22.7R2 <= 22.7R2.3

Policy Secure 22.7R1 <= 22.7R1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-0282
Created by sfewer-r7

CVE-2025-0282
Created by watchtowrlabs

CVE-2025-0282
Created by AdaniKamal

News Articles

favicon imageThe Hacker News

Ivanti | News & Insights | The Hacker News

Read the latest updates about Ivanti on The Hacker News cybersecurity and information technology publication.

1 day ago

favicon imageCybersecurityNews

New PoC Released For Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)

Researchers have unveiled a PoC exploit for a critical RCE flaw in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.

favicon imagePalo Alto Networks

Threat Brief: CVE-2025-0282 and CVE-2025-0283

CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case. CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident respons...

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 🟑

    Public PoC available

  • πŸ₯‡

    Vulnerability reached the number 1 worldwide trending spot

  • πŸ’°

    Used in Ransomware

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ“°

    First article discovered by CybersecurityNews

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.