Stack-Based Buffer Overflow in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways
CVE-2025-0283

7 HIGH

Key Information:

Vendor: Ivanti
CVE Published: 8 January 2025

Badges

📰 News Worthy

Summary

A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA Gateways before specified versions. This flaw enables a local authenticated attacker to exploit the overflow condition, potentially leading to privilege escalation and unauthorized access to sensitive functionalities within the affected platforms.

Affected Version(s)

Connect Secure 22.7R2.5

Neurons for ZTA gateways 22.7R2.5

Policy Secure 22.7R1.2

News Articles

Threat Brief: CVE-2025-0282 and CVE-2025-0283

CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case.

1 day ago

CVE-2025-0282 and CVE-2025-0283: Ivanti 0days in the Wild | Wiz Blog

Detect and mitigate critical RCE vulnerabilities CVE-2025-0282 and CVE-2025-0283 in Ivanti VPNs. Urgent patching required to protect against 0day exploitation.

1 week ago

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by wiz.io

  • Vulnerability published

  • Vulnerability Reserved
