logo
Home/CVEs/CVE-2025-0282/

CVE-2025-0282 - Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Project:Ivanti

Product:Connect Secure, Policy Secure, and ZTA Gateways

Date Added:2025-01-08Due Date:2025-01-15

Vulnerability Name

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Description

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Additional Notes

CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283

https://nvd.nist.gov/vuln/detail/CVE-2025-0282

Related News Articles

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell FeaturesMarch 30, 2025

UK domain registry Nominet confirms breach via Ivanti zero-dayJanuary 14, 2025

Threat Actors Exploit a Critical Ivanti RCE Bug, AgainJanuary 11, 2025

Ivanti zero-day attacks infected devices with custom malwareJanuary 10, 2025

Google: Chinese hackers likely behind Ivanti VPN zero-day attacksJanuary 10, 2025