CVE-2025-0282: CVSS 9.0 (Critical)
CVE-2025-0283: CVSS 7.0 (High)
On 8 January 2025, Ivanti disclosed several vulnerabilities affecting its Ivanti Connect Secure, Policy Secure, and ZTA Gateways products.
CVE-2025-0282
CVE-2025-0282 is a critical stack-based buffer overflow vulnerability identified in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This flaw allows remote, unauthenticated attackers to execute arbitrary code on the affected devices, potentially leading to full system compromise. Notably, this vulnerability has been actively exploited in the wild since mid-December 2024, targeting Ivanti Connect Secure appliances. Ivanti has released patches to address this issue, and users are strongly advised to apply these updates immediately to mitigate the risk of exploitation.
CVE-2025-0283
CVE-2025-0283 is a stack-based buffer overflow vulnerability present in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This vulnerability enables local authenticated attackers to escalate their privileges on the affected devices. While there have been no reports of this vulnerability being exploited in the wild, it poses a significant security risk. Ivanti has acknowledged the issue and is expected to release patches to remediate the vulnerability. Users should monitor Ivanti’s advisories and apply the forthcoming updates promptly to ensure system security.
To see which versions are affected, click here to view a PDF.