CVE-2025-0282: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons...

9.0 CVSS

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

Known Exploited

🚨 Marked as known exploited on January 8th, 2025 (4 months ago).

Classification

CVE ID: CVE-2025-0282

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.0

CVSS Vector:

Affected Products

Vendor: Ivanti

Product: Connect Secure

Exploit Prediction Scoring System (EPSS)

EPSS Score: 15.33% (probability of being exploited)

EPSS Percentile: 95.9% (scored less or equal to compared to others)

EPSS Date: 2025-02-06 (when was this score calculated)

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283

Timeline

2025-01-08 23:15:16 UTC
CISA KEV

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
2025-01-08 23:16:41 UTC
🚨 Marked as Known Exploited
2025-01-08 23:45:16 UTC
All CISA Advisories

CISA Adds One Vulnerability to the KEV Catalog
2025-01-08 23:45:16 UTC
All CISA Advisories

Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways
2025-01-09 00:15:15 UTC
Google Threat Intelligence

Written by: John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov,...
2025-01-09 00:30:35 UTC
CVE

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons...
2025-01-09 05:30:24 UTC
TheHackerNews

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
2025-01-09 07:30:19 UTC
CyberInsider

Hackers Exploiting Critical Ivanti VPN Code Execution Vulnerability
2025-01-09 19:45:14 UTC
Rapid7

CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild
2025-01-10 01:30:19 UTC
Watchtower Labs

Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)
2025-01-12 09:00:39 UTC
Watchtower Labs

Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
2025-01-14 17:15:19 UTC
DarkWebInformer

Critical Vulnerability CVE-2025-0282 in Ivanti Connect Secure Enables Remote Command Execution via Buffer Overflow
2025-01-17 00:45:19 UTC
Palo Alto Unit42

Threat Brief: CVE-2025-0282 and CVE-2025-0283
2025-01-22 18:00:24 UTC
All CISA Advisories

Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
2025-02-07 15:00:28 UTC
Tenable Blog

Cybersecurity Snapshot: Cyber Agencies Offer Best Practices for Edge Device Security, While OWASP Ranks Top Risks of Non-Human Identities
2025-03-28 20:45:30 UTC
All CISA Advisories

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure
2025-03-28 20:45:30 UTC
All CISA Advisories

MAR-25993211-r1.v1 Ivanti Connect Secure (RESURGE)
2025-04-25 09:30:23 UTC
TheHackerNews

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks
2025-05-09 13:00:16 UTC
Tenable Blog

Cybersecurity Snapshot: U.K. NCSC’s Best Cyber Advice on AI Security, the Quantum Threat, API Risks, Mobile Malware and More