CVE-2025-0282

Published Jan 8, 2025

Last updated 19 hours ago

Exploit knownCVSS critical 9.0

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0282 is a stack-based buffer overflow vulnerability that affects several Ivanti network appliances, including Ivanti Connect Secure (versions prior to 22.7R2.5), Ivanti Policy Secure (versions prior to 22.7R1.2), and Ivanti Neurons for ZTA gateways (versions prior to 22.7R2.3). This vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on affected systems. Exploitation of this vulnerability was first observed in mid-December 2024, and Ivanti disclosed the vulnerability on January 8, 2025. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog. It appears the vulnerability is related to the handling of IFT (IF-T) connections.

Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Undergoing Analysis

Insights

Analysis from the Intruder Security Team
Published Jan 9, 2025

Buffer Overflows such as this one require an advanced skillset, and time and knowledge to exploit. In addition, the exploit must be specific to the version that is targeted (as noted by Google Mandiant).

The recommendation is to fix according to your usual critical patching schedule, but prioritise over other criticals as this vulnerability has been added to the KEV list. That said, due to the complexities with this vulnerability class, we don't expect widespread exploitation.

Patching information has been released by Ivanti. However, the recommendation to use the ICT scanner by Ivanti appears to be flawed as pointed out by Google Mandiant. To help with detecting compromises, they have released YARA rules for this vulnerability.

Risk scores

CVSS 3.1

Type
Primary
Base score
9
Impact score
6
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Exploit added on
Jan 8, 2025
Exploit action due
Jan 15, 2025
Required action
Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-121
nvd@nist.gov
CWE-787

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. The SPAWNCHIMERA malware is exploiting the Ivanti Connect Secure vulnerability (CVE-2025-0282) with enhanced tactics. Multiple cases confirmed in Japan. ⚠️ #Ivanti #Malware #JapanCybersecurity link: https://t.co/FELndPyHc2 https://t.co/UhfskB5FqK

    @TweetThreatNews

    20 Feb 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #100DaysofYARA Day 49 Detects SPAWNSLOTH, a Linux based Log Tampering Utility that was also reported to be used to target Ivanti Connect Secure VPN in a New Zero-Day Exploitation (CVE-2025-0282) by 🇨🇳 Threat Cluster UNC5221 🐧 https://t.co/rP2RfxrZmi https://t.co/dMBM6HMwiG

    @RustyNoob619

    18 Feb 2025

    772 Impressions

    3 Retweets

    14 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  3. SPAWNCHIMERA malware is exploiting the Ivanti zero-day vulnerability (CVE-2025-0282), posing a critical security risk. More details: https://t.co/l5OXod4MPC #CyberSecurity #Malware

    @adriananglin

    17 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. SPAWNCHIMERA: New Malware Exploits Ivanti Zero-Day Flaw (CVE-2025-0282) https://t.co/ahWtp3UPyr

    @Dinosn

    17 Feb 2025

    2945 Impressions

    5 Retweets

    18 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  5. 【セキュリティ ニュース】Ivanti脆弱性、国内でも12月下旬より悪用 - マルウェアにパッチ機能:Security NEXT https://t.co/uBpJYgocRO 『「Ivanti Connect Secure(ICS)」に脆弱性「CVE-2025-0282」が明らかとなった問題で、国内では2024年12月下旬より攻撃が発生していることがわかった』

    @Syynya

    14 Feb 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 【更新】Ivanti Connect Secureなどにおける脆弱性(CVE-2025-0282)に関する注意喚起を更新。JPCERT/CCでは、本脆弱性公開前の2024年12月下旬から本脆弱性が悪用された被害を国内で複数確認しています。対象製品の利用者は、侵害有無を確認する調査も実施ください。^KK https://t.co/gdUnM50ZVY

    @jpcert

    13 Feb 2025

    3708 Impressions

    10 Retweets

    13 Likes

    1 Bookmark

    0 Replies

    1 Quote

  7. JPCERT/CC researchers show how the CVE-2025-0282 vulnerability in Ivanti Connect Secure led to an updated version of the SPAWN family. The SPAWNCHIMERA malware combines the updated functions of SPAWNANT, SPAWNMOLE and SPAWNSNAIL into one. https://t.co/7GWR0xjGw1 https://t.co/22JY

    @virusbtn

    12 Feb 2025

    2103 Impressions

    11 Retweets

    34 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  8. JPCERT/CCにてIvanti Connect Secureの脆弱性CVE-2025-0282を利用して設置されたマルウェアSPAWNCHIMERAについて解説しています。^YM https://t.co/xzSJX2TbGg

    @jpcert_ac

    12 Feb 2025

    2257 Impressions

    14 Retweets

    16 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  9. Exploiting an unauthenticated Remote Code Execution vulnerability in Ivanti Secure (VPN) (CVE-2025-0282) https://t.co/eK2xJcAGTz… #cybersecurity #ivantill https://t.co/DjsUjtYWVa

    @excellenc_e

    11 Feb 2025

    477 Impressions

    0 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Hey! Ivanti's new VPN zero-day (CVE-2025-0282) is a *stack-based buffer overflow*! Experts say patch AND factory reset. Nuke it from orbit! #cybersecurity https://t.co/SWh5X23Ksc

    @storagetechnews

    9 Feb 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    6 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Vulnérabilité logiciels Ivanti Connect Secure | CVE-2025-0282 - Stormshield https://t.co/6eQ5Ct3x2u #PreventionInternet #Cybersécurité

    @Prevention_web

    4 Feb 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Exploiting an unauthenticated Remote Code Execution vulnerability in Ivanti Secure (VPN) (CVE-2025-0282) https://t.co/g7Xg4ib4HC #cybersecurity #ivanti https://t.co/J7Nevy5dwf

    @0xor0ne

    3 Feb 2025

    7121 Impressions

    58 Retweets

    221 Likes

    82 Bookmarks

    1 Reply

    0 Quotes

  14. Top 5 Trending CVEs: 1 - CVE-2024-8381 2 - CVE-2024-10487 3 - CVE-2025-24118 4 - CVE-2025-24162 5 - CVE-2025-0282 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Feb 2025

    259 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. İvanti Connect Secure CVE-2025-0282 https://t.co/5pUHvitq9I

    @y1659rsgh

    31 Jan 2025

    25 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  16. ⚡CVE-2025-0282 Exploit Thousands of targets are still vulnerable. #CyberNews https://t.co/phpeWP3drz

    @dilagrafie

    31 Jan 2025

    302 Impressions

    2 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  17. Zero-Day-Schwachstelle bei Ivanti Connect Secure VPN https://t.co/2lb00ZdnT8 Mandiant hat Details zu einer Zero-Day-Schwachstelle (CVE-2025-0282) veröffentlicht, die Ivanti bekannt gegeben und gleichzeitig gepatcht hat und die seine Ivanti Connect Secure VPN („ICS“) Anwen…

    @B2bCyber

    31 Jan 2025

    178 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. "Attackers lodge backdoors into Ivanti Connect Secure devices. ... The backdoor was originally discovered by the National Cyber Security Centre of Finland in a CVE-2025-0282 exploitation case." 🏅🤩 https://t.co/0vCYRlphPb

    @CERTFI

    31 Jan 2025

    857 Impressions

    2 Retweets

    12 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-0282 Exploit Thousands of targets are still vulnerable https://t.co/gsQaK8R0zz

    @wgujjer11

    29 Jan 2025

    9330 Impressions

    19 Retweets

    173 Likes

    87 Bookmarks

    2 Replies

    0 Quotes

  20. Ivanti Connect Secure encore touché ! CVE-2025-0282, une faille zéro-day, exploitée. Encore des vulnérabilités chez Ivanti... #CyberSecurity #Ivanti https://t.co/LWmentpyJu

    @_F2po_

    28 Jan 2025

    147 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Security alert for Ivanti Connect Secure! CVE-2025-0282, a zero-day flaw, already exploited. Another vulnerability from Ivanti... #CyberSecurity #Ivanti https://t.co/stmuD6lpbV

    @_F2po_

    28 Jan 2025

    151 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Top 5 Trending CVEs: 1 - CVE-2025-23006 2 - CVE-2024-50050 3 - CVE-2024-43468 4 - CVE-2025-0282 5 - CVE-2025-21298 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    27 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Ivanti Connect Secure の脆弱性 CVE-2025-0282:PoC の提供と積極的な悪用 https://t.co/dFud9IYDub Ivanti Connect Secure の脆弱性 CVE-2025-0282 ですが、PoC が提供され、積極的な悪用が観測されているとのことです。ご利用のチームは、十分に… https://t.co/RuFJFRVWiP

    @iototsecnews

    27 Jan 2025

    98 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. [1day1line] CVE-2025-0282: Stack Overflow Vulnerability in Ivanti Connect Secure The vulnerability occurs in Ivanti Connect Secure's handling of IF-T packets, a transport layer protocol used for TNC message delivery. https://t.co/xhBcQTk1k2

    @hackyboiz

    25 Jan 2025

    1078 Impressions

    6 Retweets

    14 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  25. Censys researchers tracking a recently disclosed zero-day vulnerability in Ivanti Connect Secure discovered hundreds of instances may have been compromised through exploits of CVE-2025-0282. Learn more: https://t.co/MnLQVhVja4

    @censysio

    24 Jan 2025

    765 Impressions

    3 Retweets

    11 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  26. 370+ Ivanti Connect Secure Exploiting Using 0-day Vulnerability (CVE-2025-0282) https://t.co/EGnwNmf8IF Over 379 Ivanti Connect Secure (ICS) devices were found to be backdoored following the exploitation of a critical zero-day vulnerability, CVE-2025-0282.  The backdoors inst…

    @f1tym1

    24 Jan 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. We are sharing backdoored Ivanti Connect Secure devices that *may* have been compromised as part of a CVE-2025-0282 exploitation campaign (but also we believe may include older or other activity). 379 new backdoored instances found on 2025-01-22: https://t.co/D8qUuPY5EF https:

    @Shadowserver

    23 Jan 2025

    3014 Impressions

    18 Retweets

    29 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  28. Ivanti Connect Secure SSLVPN RCE vulnerability (CVE-2025-0282). Last week I had some time to modify my original poc by adding the ability to bypass ASLR without using hardcoded memory addresses. https://t.co/q6AZ0gFwyw

    @redtimmysec

    23 Jan 2025

    85 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Critical #ZeroDay Ivanti #VPNvulnerability (CVE-2025-0282) is exploited in the wild! Learn how to protect your network in this #CybersecurityThreatAdvisory: https://t.co/weX3269EJR

    @BarracudaMSP

    22 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications https://t.co/7keMywtNoq Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more informatio…

    @f1tym1

    22 Jan 2025

    227 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  31. Unit 42's latest threat brief provides actionable intelligence on the CVE-2025-0282 vulnerability, using details from our own telemetry. https://t.co/Ilx092CkFQ https://t.co/1HQTaw9d5h

    @Unit42_Intel

    22 Jan 2025

    3250 Impressions

    15 Retweets

    36 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨 CVE-2025-0282: Vulnerabilidad Crítica de Desbordamiento de Búfer en Ivanti Connect Secure 🔒 Se ha identificado un desbordamiento de búfer en los productos de Ivanti Connect Secure, Ivanti Policy Secure e Ivanti Neurons for ZTA Gateways. https://t.co/5kee3QihhN

    @BanCERT_gt

    21 Jan 2025

    184 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  33. آسیب پذیری با کد شناسایی CVE-2025-0282 برای محصول Ivanti Connect Secure از نوع execute arbitrary code منتشر شده است. نمره این آسیب پذیری 9 بوده و در ورژن های قبل از 22.7R2.5 این محصول وجود دارد ، هکرها امکان اجرای کد به صورت Remote را دارند. https://t.co/Poz3aKYxT1 https://t.co

    @AmirHossein_sec

    21 Jan 2025

    187 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🚨As of early 2025, the landscape of cybersecurity vulnerabilities continues to evolve, with new threats emerging frequently. Ivanti VPN Appliances Vulnerabilities: CVE-2025-0282: Stack-based buffer overflow vulnerability allowing unauthenticated remote code execution.… https://

    @abdussaboor_com

    20 Jan 2025

    159 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🚨As of early 2025, the landscape of cybersecurity vulnerabilities continues to evolve, with new threats emerging frequently. Ivanti VPN Appliances Vulnerabilities: CVE-2025-0282: Stack-based buffer overflow vulnerability allowing unauthenticated remote code execution.… https://

    @sgsecnet

    20 Jan 2025

    199 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. #threatreport #HighCompleteness Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17) | 18-01-2025 Source: https://t.co/isJwZtyGKg Key details below ↓ 🧑‍💻Actors/Campaigns: Cl-unk-079 Unc5337 💀Threats: Spawnmole, Spawnsloth, Spawnsnail,… https://t.co/atTfxKSsjq http

    @rst_cloud

    19 Jan 2025

    199 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Critical vulnerabilities (CVE-2025-0282 & CVE-2025-0283) in Ivanti Connect Secure allow attackers to execute code & escalate privileges. Patching is essential to mitigate risks. ⚠️ #Ivanti #RemoteAccess #USA link: https://t.co/f060O2HOzG https://t.co/bF50lrAiGE

    @TweetThreatNews

    19 Jan 2025

    132 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  38. CL-UNK-0979 Exploit Zero-Day Flaw in Ivanti Connect Secure to Gain Access to Networks Stay informed about the latest vulnerabilities in Ivanti products. CVE-2025-0282 and CVE-2025-0283 can allow attackers to remotely execute code and escalate privileges. https://t.co/RANCqO29MT

    @the_yellow_fall

    19 Jan 2025

    292 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. CVE-2025-0282 is a critical, stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways, allowing remote, unauthenticated code execution. Immediate patching and monitoring are essential to mitigate this threat.

    @vishal_rayansec

    18 Jan 2025

    189 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure https://t.co/xzAOUZtmV6 posted by: Center for Cyber Diplomacy and International Security The Hacker News ( Monitored by: Vladimir Tsakanyan )

    @CCDISRESEARCH

    18 Jan 2025

    127 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. #Ivanti ha emitido una alerta sobre una grave #vulnerabilidad #0day que ha sido explotada activamente en #ConnectSecure en el marco de ataques dirigidos. CVE-2025-0282 permite ejecutar comandos y tomar control de servidores vulnerables. Más info 👇👇 https://t.co/byTOt3vI7T h

    @ojo_cibernetico

    18 Jan 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Se descubrió una vulnerabilidad en los sistemas VPN seguros de Ivanti Connect, denominada CVE-2025-0282, capaz de implementar malware personalizado. Esta falla crítica de ciberseguridad afecta a Connect Secure, Policy Secure y Neurons para las puertas de enlace ZTA. 🧉 https://

    @MarquisioX

    17 Jan 2025

    159 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 🚨 Vulnerabilidad Ivanti CVE-2025-0282 está siendo explotada activamente. Afecta a Connect Secure y Policy Secure. ¡Prioriza los parches y asegura tus sistemas! 🔒 #Ciberseguridad #Vulnerabilidad, info@thehackernews.com (The Hacker News), https://t.co/g8vsLZqoYn

    @Hackman_PR

    17 Jan 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Breach alert! Zero-day vulnerabilities in Fortinet FortiGate (CVE-2024-55591) & Ivanti gateways (CVE-2025-0282) are causing havoc. Threat actors can now play super-admin! More in our threat advisory. Protect your data before it's too late! https://t.co/CVvdwauytQ

    @sequretek_sqtk

    17 Jan 2025

    221 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. CVE-2025-0282: ¡Urgente! Ivanti ha reportado una vulnerabilidad crítica en sus soluciones. Asegúrate de actualizar a versiones seguras y protege tu información sensible. Actúa ahora ➡️ https://t.co/1QXdRulBdk #Ciberseguridad #Ivanti #Vulnerabilidad

    @SotyHub

    17 Jan 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. ⚠️ ¡Atención organizaciones! La vulnerabilidad crítica CVE-2025-0282 afecta a Ivanti Connect Secure y Policy Secure. Actualiza tus sistemas YA y protege tus datos sensibles. Descubre más aquí 👉 https://t.co/1QXdRulBdk #Ciberseguridad #Ivanti #Vulnerabilidad

    @SotyHub

    17 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 🚨 ¡Alerta de ciberseguridad! La vulnerabilidad crítica CVE-2025-0282 en Ivanti expone a muchas organizaciones en España. Actualiza tus sistemas y protege tus datos. Descubre más aquí: https://t.co/1QXdRulBdk #Ciberseguridad #Ivanti #ProtecciónDatos

    @SotyHub

    17 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17) https://t.co/m9cdWAII8n

    @itsecuritynewsl

    17 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure https://t.co/xzAOUZtmV6 posted by: Center for Cyber Diplomacy and International Security The Hacker News ( Monitored by: Vladimir Tsakanyan )

    @CCDISRESEARCH

    17 Jan 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Ivanti Connect Secure'de Kritik Güvenlik Açığı (CVE-2025-0282): PoC Yayınlandı ve Aktif Olarak Sömürülüyor https://t.co/E8CZFbQSXL

    @cyberwebeyeos

    17 Jan 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References