CVE-2025-0282

Published Jan 8, 2025

Last updated 8 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0282 is a stack-based buffer overflow vulnerability that affects several Ivanti network appliances, including Ivanti Connect Secure (versions prior to 22.7R2.5), Ivanti Policy Secure (versions prior to 22.7R1.2), and Ivanti Neurons for ZTA gateways (versions prior to 22.7R2.3). This vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on affected systems. Exploitation of this vulnerability was first observed in mid-December 2024, and Ivanti disclosed the vulnerability on January 8, 2025. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog. It appears the vulnerability is related to the handling of IFT (IF-T) connections.

Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Analyzed

Insights

Analysis from the Intruder Security Team
Published Jan 9, 2025

Buffer Overflows such as this one require an advanced skillset, and time and knowledge to exploit. In addition, the exploit must be specific to the version that is targeted (as noted by Google Mandiant).

The recommendation is to fix according to your usual critical patching schedule, but prioritise over other criticals as this vulnerability has been added to the KEV list. That said, due to the complexities with this vulnerability class, we don't expect widespread exploitation.

Patching information has been released by Ivanti. However, the recommendation to use the ICT scanner by Ivanti appears to be flawed as pointed out by Google Mandiant. To help with detecting compromises, they have released YARA rules for this vulnerability.

Risk scores

CVSS 3.1

Type
Primary
Base score
9
Impact score
6
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Exploit added on
Jan 8, 2025
Exploit action due
Jan 15, 2025
Required action
Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-121
nvd@nist.gov
CWE-787

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Urgent Backdoor Alert! Take immediate action to patch Ivanti Connect Secure devices against CVE-2025-0282. #CyberSecurity #Vulnerability #PatchNow https://t.co/guxJ2EoVV2

    @RedOracle

    23 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    23 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    22 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    21 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    16 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    15 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Nouvelle faille Ivanti exploitée 🔍 CVE-2025-0282 dans Ivanti permet une RCE sans auth. Groupe chinois suspecté. Même scénario en 2025. #Cybersecurity #Ivanti Lien ⬇️

    @FortiWell

    15 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    15 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    14 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    10 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    9 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. #threatreport #LowCompleteness Darktrace's Early Detection of the Latest Ivanti Exploits | 08-03-2025 Source: https://t.co/k2bi14e2uE Key details below ↓ 🧑‍💻Actors/Campaigns: C0met 🔓CVEs: CVE-2025-0282 \[[Vulners](https://t.co/fcda2avlMh)] - CVSS V3.1: *9.0*, - Vulners:…

    @rst_cloud

    8 Mar 2025

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 China-backed Silk Typhoon is shifting tactics! Now targeting IT supply chains via stolen API keys & cloud app credentials. They hit MSPs, healthcare, govt & more. Key exploits: Ivanti VPN (CVE-2025-0282), Palo Alto firewalls (CVE-2024-3400), Citrix (CVE-2023-3519).

    @hacktoria

    7 Mar 2025

    376 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  14. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    7 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Unauthenticated Remote Code Execution vulnerability in Ivanti Secure (VPN) (CVE-2025-0282) … #infosec #ivanti https://t.co/yyOe0Nctiz

    @k1ngware

    28 Feb 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. بدافزاری با نام SPAWNCHIMERA منتشر شده است که آسیب پذیری موجود در Ivanti Connect Secure با کد شناسایی CVE-2025-0282 که از نوع buffer overflow می باشد، استفاده می کند. برای پیشگیری با این نوع تهدیدات ، سرویس ها و برنامه های خود را به روز رسانی نمایید. https://t.co/Poz3aKYxT1 https

    @AmirHossein_sec

    26 Feb 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. ⚠️ Vulnerability Alert: Ivanti Connect Secure Zero-Day Vulnerability 📅 Timeline: Disclosure: 2025-01-24, Patch: TBD 📌 Attribution: Shadowserver Foundation 🆔cveId: CVE-2025-0282 📊baseScore: 9.8 📏cvssMetrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity: Critical 🔴… h

    @syedaquib77

    26 Feb 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Unauthenticated Remote Code Execution vulnerability in Ivanti Secure (VPN) (CVE-2025-0282) https://t.co/g7Xg4ib4HC #infosec #ivanti https://t.co/1NHZRMEZ6r

    @0xor0ne

    25 Feb 2025

    5062 Impressions

    40 Retweets

    147 Likes

    45 Bookmarks

    0 Replies

    0 Quotes

  19. The SPAWNCHIMERA malware is exploiting the Ivanti Connect Secure vulnerability (CVE-2025-0282) with enhanced tactics. Multiple cases confirmed in Japan. ⚠️ #Ivanti #Malware #JapanCybersecurity link: https://t.co/FELndPyHc2 https://t.co/UhfskB5FqK

    @TweetThreatNews

    20 Feb 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. #100DaysofYARA Day 49 Detects SPAWNSLOTH, a Linux based Log Tampering Utility that was also reported to be used to target Ivanti Connect Secure VPN in a New Zero-Day Exploitation (CVE-2025-0282) by 🇨🇳 Threat Cluster UNC5221 🐧 https://t.co/rP2RfxrZmi https://t.co/dMBM6HMwiG

    @RustyNoob619

    18 Feb 2025

    772 Impressions

    3 Retweets

    14 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  21. SPAWNCHIMERA malware is exploiting the Ivanti zero-day vulnerability (CVE-2025-0282), posing a critical security risk. More details: https://t.co/l5OXod4MPC #CyberSecurity #Malware

    @adriananglin

    17 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. SPAWNCHIMERA: New Malware Exploits Ivanti Zero-Day Flaw (CVE-2025-0282) https://t.co/ahWtp3UPyr

    @Dinosn

    17 Feb 2025

    2945 Impressions

    5 Retweets

    18 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  23. 【セキュリティ ニュース】Ivanti脆弱性、国内でも12月下旬より悪用 - マルウェアにパッチ機能:Security NEXT https://t.co/uBpJYgocRO 『「Ivanti Connect Secure(ICS)」に脆弱性「CVE-2025-0282」が明らかとなった問題で、国内では2024年12月下旬より攻撃が発生していることがわかった』

    @Syynya

    14 Feb 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 【更新】Ivanti Connect Secureなどにおける脆弱性(CVE-2025-0282)に関する注意喚起を更新。JPCERT/CCでは、本脆弱性公開前の2024年12月下旬から本脆弱性が悪用された被害を国内で複数確認しています。対象製品の利用者は、侵害有無を確認する調査も実施ください。^KK https://t.co/gdUnM50ZVY

    @jpcert

    13 Feb 2025

    3708 Impressions

    10 Retweets

    13 Likes

    1 Bookmark

    0 Replies

    1 Quote

  25. JPCERT/CC researchers show how the CVE-2025-0282 vulnerability in Ivanti Connect Secure led to an updated version of the SPAWN family. The SPAWNCHIMERA malware combines the updated functions of SPAWNANT, SPAWNMOLE and SPAWNSNAIL into one. https://t.co/7GWR0xjGw1 https://t.co/22JY

    @virusbtn

    12 Feb 2025

    2103 Impressions

    11 Retweets

    34 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  26. JPCERT/CCにてIvanti Connect Secureの脆弱性CVE-2025-0282を利用して設置されたマルウェアSPAWNCHIMERAについて解説しています。^YM https://t.co/xzSJX2TbGg

    @jpcert_ac

    12 Feb 2025

    2257 Impressions

    14 Retweets

    16 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  27. Exploiting an unauthenticated Remote Code Execution vulnerability in Ivanti Secure (VPN) (CVE-2025-0282) https://t.co/eK2xJcAGTz… #cybersecurity #ivantill https://t.co/DjsUjtYWVa

    @excellenc_e

    11 Feb 2025

    477 Impressions

    0 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Hey! Ivanti's new VPN zero-day (CVE-2025-0282) is a *stack-based buffer overflow*! Experts say patch AND factory reset. Nuke it from orbit! #cybersecurity https://t.co/SWh5X23Ksc

    @storagetechnews

    9 Feb 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    6 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. Vulnérabilité logiciels Ivanti Connect Secure | CVE-2025-0282 - Stormshield https://t.co/6eQ5Ct3x2u #PreventionInternet #Cybersécurité

    @Prevention_web

    4 Feb 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Exploiting an unauthenticated Remote Code Execution vulnerability in Ivanti Secure (VPN) (CVE-2025-0282) https://t.co/g7Xg4ib4HC #cybersecurity #ivanti https://t.co/J7Nevy5dwf

    @0xor0ne

    3 Feb 2025

    7121 Impressions

    58 Retweets

    221 Likes

    82 Bookmarks

    1 Reply

    0 Quotes

  32. Top 5 Trending CVEs: 1 - CVE-2024-8381 2 - CVE-2024-10487 3 - CVE-2025-24118 4 - CVE-2025-24162 5 - CVE-2025-0282 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Feb 2025

    259 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  33. İvanti Connect Secure CVE-2025-0282 https://t.co/5pUHvitq9I

    @y1659rsgh

    31 Jan 2025

    25 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  34. ⚡CVE-2025-0282 Exploit Thousands of targets are still vulnerable. #CyberNews https://t.co/phpeWP3drz

    @dilagrafie

    31 Jan 2025

    302 Impressions

    2 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  35. Zero-Day-Schwachstelle bei Ivanti Connect Secure VPN https://t.co/2lb00ZdnT8 Mandiant hat Details zu einer Zero-Day-Schwachstelle (CVE-2025-0282) veröffentlicht, die Ivanti bekannt gegeben und gleichzeitig gepatcht hat und die seine Ivanti Connect Secure VPN („ICS“) Anwen…

    @B2bCyber

    31 Jan 2025

    178 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. "Attackers lodge backdoors into Ivanti Connect Secure devices. ... The backdoor was originally discovered by the National Cyber Security Centre of Finland in a CVE-2025-0282 exploitation case." 🏅🤩 https://t.co/0vCYRlphPb

    @CERTFI

    31 Jan 2025

    857 Impressions

    2 Retweets

    12 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. CVE-2025-0282 Exploit Thousands of targets are still vulnerable https://t.co/gsQaK8R0zz

    @wgujjer11

    29 Jan 2025

    9330 Impressions

    19 Retweets

    173 Likes

    87 Bookmarks

    2 Replies

    0 Quotes

  38. Ivanti Connect Secure encore touché ! CVE-2025-0282, une faille zéro-day, exploitée. Encore des vulnérabilités chez Ivanti... #CyberSecurity #Ivanti https://t.co/LWmentpyJu

    @_F2po_

    28 Jan 2025

    147 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Security alert for Ivanti Connect Secure! CVE-2025-0282, a zero-day flaw, already exploited. Another vulnerability from Ivanti... #CyberSecurity #Ivanti https://t.co/stmuD6lpbV

    @_F2po_

    28 Jan 2025

    151 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Top 5 Trending CVEs: 1 - CVE-2025-23006 2 - CVE-2024-50050 3 - CVE-2024-43468 4 - CVE-2025-0282 5 - CVE-2025-21298 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    27 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Ivanti Connect Secure の脆弱性 CVE-2025-0282:PoC の提供と積極的な悪用 https://t.co/dFud9IYDub Ivanti Connect Secure の脆弱性 CVE-2025-0282 ですが、PoC が提供され、積極的な悪用が観測されているとのことです。ご利用のチームは、十分に… https://t.co/RuFJFRVWiP

    @iototsecnews

    27 Jan 2025

    98 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. [1day1line] CVE-2025-0282: Stack Overflow Vulnerability in Ivanti Connect Secure The vulnerability occurs in Ivanti Connect Secure's handling of IF-T packets, a transport layer protocol used for TNC message delivery. https://t.co/xhBcQTk1k2

    @hackyboiz

    25 Jan 2025

    1078 Impressions

    6 Retweets

    14 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  43. Censys researchers tracking a recently disclosed zero-day vulnerability in Ivanti Connect Secure discovered hundreds of instances may have been compromised through exploits of CVE-2025-0282. Learn more: https://t.co/MnLQVhVja4

    @censysio

    24 Jan 2025

    765 Impressions

    3 Retweets

    11 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  44. 370+ Ivanti Connect Secure Exploiting Using 0-day Vulnerability (CVE-2025-0282) https://t.co/EGnwNmf8IF Over 379 Ivanti Connect Secure (ICS) devices were found to be backdoored following the exploitation of a critical zero-day vulnerability, CVE-2025-0282.  The backdoors inst…

    @f1tym1

    24 Jan 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. We are sharing backdoored Ivanti Connect Secure devices that *may* have been compromised as part of a CVE-2025-0282 exploitation campaign (but also we believe may include older or other activity). 379 new backdoored instances found on 2025-01-22: https://t.co/D8qUuPY5EF https:

    @Shadowserver

    23 Jan 2025

    3014 Impressions

    18 Retweets

    29 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  46. Ivanti Connect Secure SSLVPN RCE vulnerability (CVE-2025-0282). Last week I had some time to modify my original poc by adding the ability to bypass ASLR without using hardcoded memory addresses. https://t.co/q6AZ0gFwyw

    @redtimmysec

    23 Jan 2025

    85 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Critical #ZeroDay Ivanti #VPNvulnerability (CVE-2025-0282) is exploited in the wild! Learn how to protect your network in this #CybersecurityThreatAdvisory: https://t.co/weX3269EJR

    @BarracudaMSP

    22 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications https://t.co/7keMywtNoq Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more informatio…

    @f1tym1

    22 Jan 2025

    227 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  49. Unit 42's latest threat brief provides actionable intelligence on the CVE-2025-0282 vulnerability, using details from our own telemetry. https://t.co/Ilx092CkFQ https://t.co/1HQTaw9d5h

    @Unit42_Intel

    22 Jan 2025

    3250 Impressions

    15 Retweets

    36 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  50. 🚨 CVE-2025-0282: Vulnerabilidad Crítica de Desbordamiento de Búfer en Ivanti Connect Secure 🔒 Se ha identificado un desbordamiento de búfer en los productos de Ivanti Connect Secure, Ivanti Policy Secure e Ivanti Neurons for ZTA Gateways. https://t.co/5kee3QihhN

    @BanCERT_gt

    21 Jan 2025

    184 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations