CVE-2025-0282

Published Jan 8, 2025

Last updated 3 days ago

Insights

Analysis from the Intruder Security Team
Published Jan 9, 2025

Buffer Overflows such as this one require an advanced skillset, and time and knowledge to exploit. In addition, the exploit must be specific to the version that is targeted (as noted by Google Mandiant).

The recommendation is to fix according to your usual critical patching schedule, but prioritise over other criticals as this vulnerability has been added to the KEV list. That said, due to the complexities with this vulnerability class, we don't expect widespread exploitation.

Patching information has been released by Ivanti. However, the recommendation to use the ICT scanner by Ivanti appears to be flawed as pointed out by Google Mandiant. To help with detecting compromises, they have released YARA rules for this vulnerability.

Overview

Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Undergoing Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9
Impact score
6
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Exploit added on
Jan 8, 2025
Exploit action due
Jan 15, 2025
Required action
Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-121

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

16

  1. Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) : https://t.co/cdduo8covx

    @binitamshah

    12 Jan 2025

    274 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #CyberSecurity #Malware Zero-Day Alert: UNC5337 Exploits Ivanti VPN Vulnerability CVE-2025-0282 for Espionage Operations https://t.co/QGQd15t3oD

    @Komodosec

    12 Jan 2025

    81 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) https://t.co/dQmrv5hbx8

    @axcheron

    12 Jan 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) - watchTowr Labs https://t.co/L1pekI8dz4 https://t.co/BDtLS8Nkos

    @secharvesterx

    12 Jan 2025

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) https://t.co/ehJV23gVKO

    @n3tl0kr

    12 Jan 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 先に解説していたIvanti Connect Secure RCE (CVE-2025-0282)のExploit作成の解説。相変わらずノリノリである(詳細のいくつかは伏せてある) / “Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)” https://t.co/W9QfGkhAJ7

    @ockeghem

    12 Jan 2025

    5400 Impressions

    0 Retweets

    6 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  7. 雰囲気で理解した() こんなにメジャーな製品にも buffer overflow からの RCE が未だに複数残っているものなんだねぇ Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282) https://t.co/I2iFI1nBfm

    @strinsert1Na

    12 Jan 2025

    668 Impressions

    1 Retweet

    10 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  8. Alert of Buffer Overflow Vulnerabilities in Multiple Ivanti Products (CVE-2025-0282) - Security Boulevard https://t.co/MSagAAh1Hn

    @PVynckier

    12 Jan 2025

    228 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) - watchTowr Labs https://t.co/o4RvNzhIUg

    @buaqbot

    12 Jan 2025

    152 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) https://t.co/ICRvDda0JZ

    @buaqbot

    12 Jan 2025

    139 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. はてなブログに投稿しました 英語弱者がChatGPTの力を借りて『Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)』を読む - ペネトレーションしのべくん https://t.co/d3kVk6nQKo 久々にはてなにも転記した #はてなブログ

    @shinobe179

    12 Jan 2025

    284 Impressions

    0 Retweets

    3 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  12. Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) https://t.co/HmJ4xlMECv

    @Dinosn

    12 Jan 2025

    4511 Impressions

    46 Retweets

    73 Likes

    30 Bookmarks

    23 Replies

    0 Quotes

  13. Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) - watchTowr Labs https://t.co/qiaGHUQ5vQ

    @_r_netsec

    12 Jan 2025

    976 Impressions

    2 Retweets

    1 Like

    3 Bookmarks

    0 Replies

    0 Quotes

  14. Join our Exploitation Walkthrough of CVE-2025-0282 via 'clientcapabilities' - there might be other parameters that allow overflow (or not 😉) Re: "experts" telling industry 'engineering is hard' as if these 1990s vulns are just life - we left a note. https://t.co/U4L4bHELJG

    @watchtowrcyber

    12 Jan 2025

    18381 Impressions

    51 Retweets

    165 Likes

    69 Bookmarks

    0 Replies

    3 Quotes

  15. Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure CVE-2025-0282 https://t.co/9EOhggcGmn https://t.co/azFrA1Bv5f

    @DaveFerguson01

    12 Jan 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. SCMagazine: Researchers with Google’s @Mandiant security team said that one or more threat actors are exploiting CVE-2025-0282 in Ivanti Connect Secure VPN for remote takeover attacks on targeted networks. #cybersecurity #infosec #ITsecurity https://t.co/d56V2nLFgO

    @MrsYisWhy

    12 Jan 2025

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Researchers with Google’s @Mandiant security team said that one or more threat actors are exploiting CVE-2025-0282 in Ivanti Connect Secure VPN for remote takeover attacks on targeted networks. #cybersecurity #infosec #ITsecurity https://t.co/UvDgvLucTb

    @SCMagazine

    12 Jan 2025

    949 Impressions

    4 Retweets

    9 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. چند روز پیش ۲ آسیب پذیری خطرناک با کدهای شناسایی CVE-2025-0282 از نوع Buffer overflow با نمره آسیب پذیری ۹ و CVE-2025-0283 از نوع Privilege escalation با نمره آسیب پذیری ۷ برای محصولات ZTA Gateways و Connect Secure مربوط به ivanti منتشر شده بود. https://t.co/Poz3aKY03t https://t.

    @AmirHossein_sec

    12 Jan 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-0282  Ivanti Connect Secure RCE exp https://t.co/WyxX8NVvZE https://t.co/BgEtPBo4Fc

    @gov_hack

    12 Jan 2025

    460 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  20. #Vulnerability #CVE20250282 CVE-2025-0282 (CVSS 9.0): Ivanti Confirms Active Exploitation of Critical Flaw https://t.co/mil3H5LnzV

    @Komodosec

    12 Jan 2025

    122 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. gxc please do a Poc CVE-2025-0282 #Ivanti Connect Secure zero-day :/product.name="Ivanti Connect Secure"||product[.]name="Ivanti Policy Secure"||product[.]name="Ivanti Neurons for ZTA" .bin https://t.co/sr2KcnhVxT

    @byt3n33dl3

    12 Jan 2025

    132 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  22. GitHub - absholi7ly/CVE-2025-0282-Ivanti-exploit: CVE-2025-0282 is a critical vulnerability found in Ivanti Connect Secure, allowing Remote Command Execution (RCE) through a buffer overflow exploit. https://t.co/dEBvlqWx8o

    @akaclandestine

    11 Jan 2025

    1796 Impressions

    7 Retweets

    16 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  23. ICYMI: Ivanti released security updates to address vulnerabilities (CVE-2025-0282, CVE-2025-0283) in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. For mitigation guidance and help reducing exposure learn more: https://t.co/0CaiNE9kEp https://t.co/BkX2Fpcy0n

    @CISAgov

    11 Jan 2025

    5124 Impressions

    24 Retweets

    55 Likes

    3 Bookmarks

    5 Replies

    1 Quote

  24. wheres the polymarket link to bet if uscourts got popped with CVE-2025-0282 ? asking for a friend. https://t.co/N7WDpeCQcW

    @lcfr_eth

    11 Jan 2025

    316 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. آسیب پذیری CVE-2025-0282 در محصولات ایوانتی مورد سوء استفاده قرار گرفت! #Cyber_security_news #اخبار_امنیت_سایبری #CVE_2025_0282 #CVE_2025_0283 #Ivanti https://t.co/hQq4TULqPD

    @vulnerbyte

    11 Jan 2025

    94 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. GitHub - absholi7ly/CVE-2025-0282-Ivanti-exploit: CVE-2025-0282 is a critical vulnerability found in Ivanti Connect Secure, allowing Remote Command Execution (RCE) through a buffer overflow exploit. - https://t.co/GDR3GwYRXh

    @piedpiper1616

    11 Jan 2025

    3836 Impressions

    16 Retweets

    60 Likes

    26 Bookmarks

    1 Reply

    1 Quote

  27. چند روز پیش ۲ آسیب پذیری خطرناک با کدهای شناسایی CVE-2025-0282 از نوع Buffer overflow با نمره آسیب پذیری ۹ و CVE-2025-0283 از نوع Privilege escalation با نمره آسیب پذیری ۷ برای محصولات ZTA Gateways و Connect Secure مربوط به ivanti منتشر شده بود

    @cybernetic_cy

    11 Jan 2025

    163 Impressions

    2 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Analyzing CVE-2025-0282 in Ivanti products?🔍 Skip the endless research - our https://t.co/PSyP1Jh2rM has you covered. Ask questions, get instant answers, and focus on what matters: securing your systems. @transilienceai https://t.co/nssFTFfN7N #Ivanti #CVE20250282 #Cybersecurity

    @iammuzaffar640

    11 Jan 2025

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Critical security alert! 🚨 CVE-2025-0282 reveals a stack overflow vulnerability in Ivanti devices, allowing remote code execution. Affects Connect Secure, Policy Secure, and Neurons for ZTA. #Ivanti #RemoteCodeExecution #USA #ThreatResearch link: https://t.co/Tf37CINs5O https:/

    @TweetThreatNews

    11 Jan 2025

    106 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🔵🟡🔴プログラミンニュース ~気になるニュースをピックアップ~ Ivanti Connect Secureなどにおける脆弱性(CVE-2025-0282)に関する注意喚起 https://t.co/G9Pb4a1jqN #ICT

    @programmin_net

    11 Jan 2025

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. #Poc CVE-2025-0282 #Ivanti Connect Secure zero-day @HunterMapping :/product.name="Ivanti Connect Secure"||https://t.co/e8W7FmbzuL="Ivanti Policy Secure"||https://t.co/e8W7FmbzuL="Ivanti Neurons for ZTA" https://t.co/sAUZM91cdP https://t.co/4TX2pSArmZ

    @absholi7ly

    11 Jan 2025

    3315 Impressions

    3 Retweets

    31 Likes

    17 Bookmarks

    3 Replies

    2 Quotes

  32. Ivanti Connect Secure Zero-Day Threat: 2,048 Vulnerable Devices and Critical Exploitation Details Unveiled Discover the details of CVE-2025-0282, a critical flaw affecting Ivanti Connect Secure appliances. Find out how it allows remote code execution https://t.co/KA63ACnEcK

    @the_yellow_fall

    11 Jan 2025

    246 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. SCMagazine: Researchers with Google’s @Mandiant security team said that one or more threat actors are exploiting CVE-2025-0282 in Ivanti Connect Secure VPN for remote takeover attacks on targeted networks. #cybersecurity #infosec #ITsecurity https://t.co/d56V2nLFgO

    @MrsYisWhy

    10 Jan 2025

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. China's UNC5337 exploits critical Ivanti RCE vulnerability (CVE-2025-0282) again, deploying sophisticated malware to compromise systems. Patches are out, but risk remains high. 🔒💻 #Ivanti #Malware #China #CybersecurityNews link: https://t.co/fNtaK4RbEC https://t.co/AEHBx1z5Bt

    @TweetThreatNews

    10 Jan 2025

    88 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Ivanti warns that the CVE-2025-0282 zero-day vulnerability in Connect Secure is currently being exploited. Users are advised to apply the available patches to protect their systems. #CVE2025 #CyberSecurity #Ivanti https://t.co/CkSSYAgqmT

    @techday_au

    10 Jan 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Two #vulnerabilities, CVE-2025-0282 & CVE-2025-0283, were discovered in @GoIvanti Connect Secure VPN appliances and related products. Ivanti has released patches and has instructed customers to follow recommendations in their Security Advisory. https://t.co/KsbV9ecJeg

    @Surefire_Cyber

    10 Jan 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. .@Mandiant linked a Chinese nation-state actor to the recent exploitation of #Ivanti zero-day flaw tracked as CVE-2025-0282. #Cybersecurity https://t.co/STJ9m8Kh9J

    @TechTargetNews

    10 Jan 2025

    237 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Mapa Ivanti Connect Secure CVE-2025-0282 https://t.co/raL1NaGcr0 https://t.co/nN1wPGCIFU https://t.co/U8dd4tE7eb

    @elhackernet

    10 Jan 2025

    2009 Impressions

    0 Retweets

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  39. In case anyone is tracking this Ivanti 0day (CVE-2025-0282, CVE-2025-0283), I thought I'd save you some work with Sigma conversion etc. Thanks to the awesome folks at @Mandiant for their continued guidance and for being the bomb! :) https://t.co/SWxJqZjTGj #soc #blueteam… https

    @n3tl0kr

    10 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Ivanti has confirmed critical vulnerabilities in Ivanti Connect Secure (CVE-2025-0282 & CVE-2025-0283) with serious implications for enterprise security. CVE-2025-0282 is actively exploited, remote attackers can execute code and escalate privileges. Stay Vigilant! #CyberSecur

    @Shift6Security

    10 Jan 2025

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Zero-Day Exploitation for CVE-2025-0282 impacting Ivanti appliances. More details in: https://t.co/ViITs38m4d

    @GrimmAnalyst

    10 Jan 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 🚨 Advisory: Suspected Chinese Threat Actors Exploit Ivanti Connect Secure Vulnerability CVE-2025-0282 as a Zero-Day, Deploying Malware and Exfiltrating Data. Read the full advisory here: https://t.co/BOWLJioqaX #Cybersecurity #ThreatIntel #Ivanti https://t.co/PGqqvv8tda

    @deepwatch_sec

    10 Jan 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Critical Vulnerability Uncovered: CVE-2025-0282 Puts Ivanti Systems at Risk https://t.co/U05v8elGl6

    @WhalersLtd

    10 Jan 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Ivanti Connect Secure VPN Zero-Day Exploitation (CVE-2025-0282) #CVE20250282 #CVE20250283 #CyberSecurity #Ivanti #Mandiant #UNC5221 https://t.co/DOgQqBCmCC

    @SystemTek_UK

    10 Jan 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 📢Ivanti เตือนถึงช่องโหว่ CVE-2025-0282 ถูกใช้ในโจมตีแบบ Zero-Day #ThaiCERT #NCSA #CybersecurityNew 📥สามารถติดตามข่าวสารได้ที่ https://t.co/HCsLrrY1eE https://t.co/ljLv2g0hIv

    @ThaiCERTByNCSA

    10 Jan 2025

    86 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. We have started reporting unpatched Ivanti Connect Secure instances likely vulnerable to the new known to be exploited in the wild CVE-2025-0282. We see 2048 likely vulnerable instances worldwide on 2024-01-09. Top: US Dashboard overview by country: https://t.co/curshSlWem http

    @Shadowserver

    10 Jan 2025

    2456 Impressions

    11 Retweets

    26 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  47. [주의] ivanti 취약점(CVE-2025-0282, CVE-2025-0282) 패치 권고 https://t.co/kLaEpI7C3j

    @virusmyths

    10 Jan 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 Nouvelle vulnérabilité critique CVE-2025-0282 exploitée dans des attaques zero-day ! Ivanti met en garde contre les risques de code à distance avec Connect Secure. Analystes de la sécurité, restez à l'affût ! #Cybersecurite #ZeroDay #AlerteSecurite 👉 https://t.co/7cas6udY4W

    @CyberAlertFr

    10 Jan 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. #CVE Alert CVE-2025-0282, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways, is being exploited in the wild, leading to remote code execution. 🔗https://t.co/tnqjmWm7Xm 🔗https://t.co/BC2NBkk70j 🔗https://t.co/ADXMv8hIvy 🔗 https://t.co/VTmysPmgcl #CTIRadar

    @CTIRadar

    10 Jan 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. ☠️ "VPN Zero-Day [CVE-2025-0282] actively exploited since Dec 4. 2024!"

    @byt3n33dl3

    10 Jan 2025

    78 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes