CVE-2025-0282

Published Jan 8, 2025

Last updated 9 days ago

Overview

Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status: Modified

Insights

Analysis from the Intruder Security Team
Published Jan 9, 2025

Buffer overflows such as this one require an advanced skill set, as well as time and knowledge, to exploit. In addition, the exploit must be specific to the version that is targeted (as noted by Google Mandiant).

The recommendation is to fix according to your usual critical patching schedule, but prioritise over other criticals as this vulnerability has been added to the KEV list. That said, due to the complexities with this vulnerability class, we don't expect widespread exploitation.

Patching information has been released by Ivanti. However, the recommendation to use the ICT scanner by Ivanti appears to be flawed, as pointed out by Google Mandiant. To help with detecting compromises, they have released YARA rules for this vulnerability.

Risk scores

CVSS 3.1

Type: Primary
Base score: 9
Impact score: 6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Exploit added on: Jan 8, 2025
Exploit action due: Jan 15, 2025
Required action: Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75: CWE-121
nvd@nist.gov: CWE-787

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Ivanti Connect Secure software vulnerability | CVE-2025-0282 - Stormshield https://t.co/6eQ5Ct3x2u #PreventionInternet #Cybersécurité

    @Prevention_web

    4 Feb 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Exploiting an unauthenticated Remote Code Execution vulnerability in Ivanti Secure (VPN) (CVE-2025-0282) https://t.co/g7Xg4ib4HC #cybersecurity #ivanti https://t.co/J7Nevy5dwf

    @0xor0ne

    3 Feb 2025

    7121 Impressions

    58 Retweets

    221 Likes

    82 Bookmarks

    1 Reply

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2024-8381 2 - CVE-2024-10487 3 - CVE-2025-24118 4 - CVE-2025-24162 5 - CVE-2025-0282 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Feb 2025

    259 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. İvanti Connect Secure CVE-2025-0282 https://t.co/5pUHvitq9I

    @y1659rsgh

    31 Jan 2025

    25 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  5. ⚡CVE-2025-0282 Exploit Thousands of targets are still vulnerable. #CyberNews https://t.co/phpeWP3drz

    @dilagrafie

    31 Jan 2025

    302 Impressions

    2 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  6. Zero-day vulnerability in Ivanti Connect Secure VPN https://t.co/2lb00ZdnT8 Mandiant has published details of a zero-day vulnerability (CVE-2025-0282) that Ivanti disclosed and patched at the same time and that its Ivanti Connect Secure VPN ("ICS") appli…

    @B2bCyber

    31 Jan 2025

    178 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. "Attackers lodge backdoors into Ivanti Connect Secure devices. ... The backdoor was originally discovered by the National Cyber Security Centre of Finland in a CVE-2025-0282 exploitation case." 🏅🤩 https://t.co/0vCYRlphPb

    @CERTFI

    31 Jan 2025

    857 Impressions

    2 Retweets

    12 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-0282 Exploit Thousands of targets are still vulnerable https://t.co/gsQaK8R0zz

    @wgujjer11

    29 Jan 2025

    9330 Impressions

    19 Retweets

    173 Likes

    87 Bookmarks

    2 Replies

    0 Quotes

  9. Ivanti Connect Secure hit again! CVE-2025-0282, a zero-day flaw, exploited. More vulnerabilities at Ivanti... #CyberSecurity #Ivanti https://t.co/LWmentpyJu

    @_F2po_

    28 Jan 2025

    147 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Security alert for Ivanti Connect Secure! CVE-2025-0282, a zero-day flaw, already exploited. Another vulnerability from Ivanti... #CyberSecurity #Ivanti https://t.co/stmuD6lpbV

    @_F2po_

    28 Jan 2025

    151 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Top 5 Trending CVEs: 1 - CVE-2025-23006 2 - CVE-2024-50050 3 - CVE-2024-43468 4 - CVE-2025-0282 5 - CVE-2025-21298 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    27 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

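  12. Ivanti Connect Secure vulnerability CVE-2025-0282: PoC available and active exploitation https://t.co/dFud9IYDub Regarding the Ivanti Connect Secure vulnerability CVE-2025-0282, a PoC has reportedly been made available and active exploitation has been observed. For teams using it, sufficient… https://t.co/RuFJFRVWiP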

    @iototsecnews

    27 Jan 2025

    98 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. [1day1line] CVE-2025-0282: Stack Overflow Vulnerability in Ivanti Connect Secure The vulnerability occurs in Ivanti Connect Secure's handling of IF-T packets, a transport layer protocol used for TNC message delivery. https://t.co/xhBcQTk1k2

    @hackyboiz

    25 Jan 2025

    1078 Impressions

    6 Retweets

    14 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  14. Censys researchers tracking a recently disclosed zero-day vulnerability in Ivanti Connect Secure discovered hundreds of instances may have been compromised through exploits of CVE-2025-0282. Learn more: https://t.co/MnLQVhVja4

    @censysio

    24 Jan 2025

    765 Impressions

    3 Retweets

    11 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  15. 370+ Ivanti Connect Secure Exploiting Using 0-day Vulnerability (CVE-2025-0282) https://t.co/EGnwNmf8IF Over 379 Ivanti Connect Secure (ICS) devices were found to be backdoored following the exploitation of a critical zero-day vulnerability, CVE-2025-0282.  The backdoors inst…

    @f1tym1

    24 Jan 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. We are sharing backdoored Ivanti Connect Secure devices that *may* have been compromised as part of a CVE-2025-0282 exploitation campaign (but also we believe may include older or other activity). 379 new backdoored instances found on 2025-01-22: https://t.co/D8qUuPY5EF https:

    @Shadowserver

    23 Jan 2025

    3014 Impressions

    18 Retweets

    29 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  17. Ivanti Connect Secure SSLVPN RCE vulnerability (CVE-2025-0282). Last week I had some time to modify my original poc by adding the ability to bypass ASLR without using hardcoded memory addresses. https://t.co/q6AZ0gFwyw

    @redtimmysec

    23 Jan 2025

    85 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Critical #ZeroDay Ivanti #VPNvulnerability (CVE-2025-0282) is exploited in the wild! Learn how to protect your network in this #CybersecurityThreatAdvisory: https://t.co/weX3269EJR

    @BarracudaMSP

    22 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications https://t.co/7keMywtNoq Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more informatio…

    @f1tym1

    22 Jan 2025

    227 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  20. Unit 42's latest threat brief provides actionable intelligence on the CVE-2025-0282 vulnerability, using details from our own telemetry. https://t.co/Ilx092CkFQ https://t.co/1HQTaw9d5h

    @Unit42_Intel

    22 Jan 2025

    3250 Impressions

    15 Retweets

    36 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 CVE-2025-0282: Critical Buffer Overflow Vulnerability in Ivanti Connect Secure 🔒 A buffer overflow has been identified in the Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways products. https://t.co/5kee3QihhN

    @BanCERT_gt

    21 Jan 2025

    184 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  22. A vulnerability with the identifier CVE-2025-0282, of the execute arbitrary code type, has been published for the Ivanti Connect Secure product. The score of this vulnerability is 9 and it exists in versions of this product before 22.7R2.5; hackers are able to execute code remotely. https://t.co/Poz3aKYxT1 https://t.co

    @AmirHossein_sec

    21 Jan 2025

    187 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨As of early 2025, the landscape of cybersecurity vulnerabilities continues to evolve, with new threats emerging frequently. Ivanti VPN Appliances Vulnerabilities: CVE-2025-0282: Stack-based buffer overflow vulnerability allowing unauthenticated remote code execution.… https://

    @abdussaboor_com

    20 Jan 2025

    159 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨As of early 2025, the landscape of cybersecurity vulnerabilities continues to evolve, with new threats emerging frequently. Ivanti VPN Appliances Vulnerabilities: CVE-2025-0282: Stack-based buffer overflow vulnerability allowing unauthenticated remote code execution.… https://

    @sgsecnet

    20 Jan 2025

    199 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. #threatreport #HighCompleteness Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17) | 18-01-2025 Source: https://t.co/isJwZtyGKg Key details below ↓ 🧑‍💻Actors/Campaigns: Cl-unk-079 Unc5337 💀Threats: Spawnmole, Spawnsloth, Spawnsnail,… https://t.co/atTfxKSsjq http

    @rst_cloud

    19 Jan 2025

    199 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Critical vulnerabilities (CVE-2025-0282 & CVE-2025-0283) in Ivanti Connect Secure allow attackers to execute code & escalate privileges. Patching is essential to mitigate risks. ⚠️ #Ivanti #RemoteAccess #USA link: https://t.co/f060O2HOzG https://t.co/bF50lrAiGE

    @TweetThreatNews

    19 Jan 2025

    132 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  27. CL-UNK-0979 Exploit Zero-Day Flaw in Ivanti Connect Secure to Gain Access to Networks Stay informed about the latest vulnerabilities in Ivanti products. CVE-2025-0282 and CVE-2025-0283 can allow attackers to remotely execute code and escalate privileges. https://t.co/RANCqO29MT

    @the_yellow_fall

    19 Jan 2025

    292 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. CVE-2025-0282 is a critical, stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways, allowing remote, unauthenticated code execution. Immediate patching and monitoring are essential to mitigate this threat.

    @vishal_rayansec

    18 Jan 2025

    189 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure https://t.co/xzAOUZtmV6 posted by: Center for Cyber Diplomacy and International Security The Hacker News ( Monitored by: Vladimir Tsakanyan )

    @CCDISRESEARCH

    18 Jan 2025

    127 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. #Ivanti has issued an alert about a serious #0day #vulnerability that has been actively exploited in #ConnectSecure as part of targeted attacks. CVE-2025-0282 allows executing commands and taking control of vulnerable servers. More info 👇👇 https://t.co/byTOt3vI7T h

    @ojo_cibernetico

    18 Jan 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. A vulnerability was discovered in Ivanti Connect's secure VPN systems, designated CVE-2025-0282, capable of deploying custom malware. This critical cybersecurity flaw affects Connect Secure, Policy Secure and Neurons for ZTA gateways. 🧉 https://

    @MarquisioX

    17 Jan 2025

    159 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨 Ivanti vulnerability CVE-2025-0282 is being actively exploited. It affects Connect Secure and Policy Secure. Prioritize patches and secure your systems! 🔒 #Ciberseguridad #Vulnerabilidad, info@thehackernews.com (The Hacker News), https://t.co/g8vsLZqoYn

    @Hackman_PR

    17 Jan 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Breach alert! Zero-day vulnerabilities in Fortinet FortiGate (CVE-2024-55591) & Ivanti gateways (CVE-2025-0282) are causing havoc. Threat actors can now play super-admin! More in our threat advisory. Protect your data before it's too late! https://t.co/CVvdwauytQ

    @sequretek_sqtk

    17 Jan 2025

    221 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. CVE-2025-0282: Urgent! Ivanti has reported a critical vulnerability in its solutions. Make sure you update to secure versions and protect your sensitive information. Act now ➡️ https://t.co/1QXdRulBdk #Ciberseguridad #Ivanti #Vulnerabilidad

    @SotyHub

    17 Jan 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. ⚠️ Attention organizations! The critical vulnerability CVE-2025-0282 affects Ivanti Connect Secure and Policy Secure. Update your systems NOW and protect your sensitive data. Find out more here 👉 https://t.co/1QXdRulBdk #Ciberseguridad #Ivanti #Vulnerabilidad

    @SotyHub

    17 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 🚨 Cybersecurity alert! The critical vulnerability CVE-2025-0282 in Ivanti exposes many organizations in Spain. Update your systems and protect your data. Find out more here: https://t.co/1QXdRulBdk #Ciberseguridad #Ivanti #ProtecciónDatos

    @SotyHub

    17 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17) https://t.co/m9cdWAII8n

    @itsecuritynewsl

    17 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure https://t.co/xzAOUZtmV6 posted by: Center for Cyber Diplomacy and International Security The Hacker News ( Monitored by: Vladimir Tsakanyan )

    @CCDISRESEARCH

    17 Jan 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Critical Vulnerability in Ivanti Connect Secure (CVE-2025-0282): PoC Published and Actively Exploited https://t.co/E8CZFbQSXL

    @cyberwebeyeos

    17 Jan 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. #exploit 1. CVE-2025-0282: Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE - https://t.co/IGCw9K0YEM 2. CVE-2024-43468: MS Configuration Manager (ConfigMgr/SCCM) 2403 Unauthenticated SQLi - https://t.co/TCEXzMaR5B

    @ksg93rd

    17 Jan 2025

    216 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  41. Ivanti’s Security Slip-Up: CVE-2025-0282 and CVE-2025-0283 Vulnerabilities Leave the Door Wide Open! Hot Take: Ivanti's tech is as secure as a chocolate teapot! Two new vulnerabilities have popped up in their Connect Secure, Policy Secure, and ZTA gateway products, making them…

    @TheNimbleNerd

    17 Jan 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Vulnerabilities CVE-2025-0282/0283 in Ivanti products fixed: exploitation of Connect Secure observed https://t.co/lZZDPpQU9m The vulnerabilities CVE-2025-0282/0283 in Ivanti products have been fixed, but exploitation has already been observed. Also, released likewise on January 8, "Zero-Day Alert: UNC5337 Exploits Ivanti VPN… https://t.co/TDhv0AQUKj

    @iototsecnews

    17 Jan 2025

    37 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. Unit 42 telemetry reveals threat activity potentially exploiting the CVE-2025-0282 0-day in a public-facing Ivanti Connect Secure (ICS) VPN appliance. This threat brief details our findings. https://t.co/Ilx092CkFQ

    @Unit42_Intel

    17 Jan 2025

    8045 Impressions

    21 Retweets

    74 Likes

    13 Bookmarks

    0 Replies

    3 Quotes

  44. GitHub - sfewer-r7/CVE-2025-0282: PoC for CVE-2025-0282: A remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways - https://t.co/tVqtj4mdKl

    @piedpiper1616

    16 Jan 2025

    589 Impressions

    3 Retweets

    8 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  45. PoC Exploit Released for #Ivanti Connect Secure Flaw CVE-2025-0282 Used in Attacks watchTowr Labs published a detailed analysis of the vulnerability and a proof-of-concept (#PoC) exploit for CVE-2025-0282 https://t.co/KoeOpnysW9

    @the_yellow_fall

    16 Jan 2025

    211 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. I wrote a PoC for the recent Ivanti Connect Secure stack buffer overflow, CVE-2025-0282, based on the exploitation strategy @watchtowrcyber published, along with an assessment of exploitability given the lack of a suitable info leak to break ASLR: https://t.co/uCJehEMO25 https://

    @stephenfewer

    16 Jan 2025

    15428 Impressions

    76 Retweets

    277 Likes

    94 Bookmarks

    3 Replies

    2 Quotes

  47. as promised... our PoC for Ivanti's CVE-2025-0282. This is purposefully broken in non-trivial ways and will require effort to work as outlined previously in our exploitation technique blogpost. https://t.co/xfo6FsOKWe

    @watchtowrcyber

    16 Jan 2025

    9531 Impressions

    58 Retweets

    142 Likes

    50 Bookmarks

    1 Reply

    2 Quotes

  48. I've been analyzing newly disclosed vulnerabilities in popular systems, including Mitel MiCollab (CVE-2024-41713, CVE-2024-35286), Zyxel Firewalls (CVE-2024-11667), and Microsoft Windows (CVE-2024-35250, CVE-2024-49138). Ivanti is also affected (CVE-2025-0282, CVE-2025-0283).

    @agentwhitehat

    15 Jan 2025

    232 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Researchers with Google’s @Mandiant security team said that one or more threat actors are exploiting CVE-2025-0282 in Ivanti Connect Secure VPN for remote takeover attacks on targeted networks. #cybersecurity #infosec #ITsecurity https://t.co/UvDgvLucTb

    @SCMagazine

    15 Jan 2025

    49 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Ivanti CVE-2025-0282 Checker https://t.co/t3G4mp1ft6 #exploit

    @packet_storm

    14 Jan 2025

    482 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

Configurations