CVE-2025-0282
Ivanti Connect Secure, Policy Secure, and ZTA Gate - [Actively Exploited]
Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
INFO
Published Date :
Jan. 8, 2025, 11:15 p.m.
Last Modified :
Jan. 9, 2025, 10:15 p.m.
Source :
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Remotely Exploitable :
Yes !
Impact Score :
6.0
Exploitability Score :
2.2
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.
CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0282
Public PoC/Exploit Available at Github
CVE-2025-0282 has a 2 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
Affected Products
The following products are affected by CVE-2025-0282
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-0282.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
A repo for output of an experimental intrusion prediction project
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-0282 vulnerability anywhere in the article.
-
Ars Technica
Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware
Networks protected by Ivanti VPNs are under active attack by well-resourced hackers who are exploiting a critical vulnerability that gives them complete control over the network-connected devices. Har ... Read more
-
BleepingComputer
Google: Chinese hackers likely behind Ivanti VPN zero-day attacks
Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called ‘Dryhook’ and ‘Phasejam’ that is not current ... Read more
-
The Register
Zero-day exploits plague Ivanti Connect Secure appliances for second year running
The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts "seriously" as Ivanti battles two dangerous new vulnerabilities, one of which was already being ... Read more
-
Help Net Security
Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)
The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant researchers have shared. It’s s ... Read more
-
security.nl
Mandiant: Ivanti VPN-lek sinds halverwege december misbruikt bij aanvallen
Een kwetsbaarheid in Ivanti Connect Secure die het mogelijk maakt om vpn-servers op afstand over te nemen en waarvoor gisterenavond een beveiligingsupdate verscheen is sinds halverwege december misbru ... Read more
-
security.nl
Ivanti waarschuwt voor actief aangevallen lek in Connect Secure VPN
Softwarebedrijf Ivanti waarschuwt organisaties, net als een jaar geleden, voor een actief aangevallen kwetsbaarheid in Connect Secure VPN en roept op de nu beschikbaar gestelde update te installeren. ... Read more
-
The Hacker News
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The securit ... Read more
-
Cybersecurity News
Zero-Day Alert: UNC5337 Exploits Ivanti VPN Vulnerability CVE-2025-0282 for Espionage Operations
Ivanti Connect Secure (ICS) VPN appliances have become the focus of advanced threat actors, exploiting a newly disclosed zero-day vulnerability. According to a recent report by Mandiant, the exploitat ... Read more
-
TheCyberThrone
CVE-2025-0282: Affecting Ivanti Products
OverviewCVE-2025-0282 is a critical stack-based buffer overflow vulnerability. It impacts Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for Zero Trust Access (ZTA) gateways. This vul ... Read more
-
Google Cloud
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
Written by: John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov, Dhanesh Kizhakkinan, Jacob Thompson Note: This is a developing campaign under active analysis by Ma ... Read more
The following table lists the changes that have been made to the
CVE-2025-0282 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Jan. 09, 2025
Action Type Old Value New Value Added Reference https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day Added Reference https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282 -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Jan. 09, 2025
Action Type Old Value New Value Added Date Added 2025-01-08 Added Due Date 2025-01-15 Added Required Action Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service. Added Vulnerability Name Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability -
New CVE Received by 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Jan. 08, 2025
Action Type Old Value New Value Added Description A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. Added CVSS V3.1 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Added CWE CWE-121 Added Reference https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-0282 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-0282
weaknesses.