9

CVE-2025-0282

Warnung
Medienbericht
Exploit
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IvantiConnect Secure Version22.7 Updater2
IvantiConnect Secure Version22.7 Updater2.1
IvantiConnect Secure Version22.7 Updater2.2
IvantiConnect Secure Version22.7 Updater2.3
IvantiConnect Secure Version22.7 Updater2.4
IvantiNeurons For Zero-trust Access Version22.7 Updater2
IvantiNeurons For Zero-trust Access Version22.7 Updater2.2
IvantiNeurons For Zero-trust Access Version22.7 Updater2.3
IvantiPolicy Secure Version22.7 Updater1
IvantiPolicy Secure Version22.7 Updater1.1
IvantiPolicy Secure Version22.7 Updater1.2

08.01.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Schwachstelle

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.

Beschreibung

Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 99.97% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
3c1d8aa1-5a33-4ea4-8992-aadd6440af75 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283
Vendor Advisory
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
Exploit
Technical Description
https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282
Third Party Advisory
US Government Resource
https://github.com/sfewer-r7/CVE-2025-0282
Exploit
https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/
Third Party Advisory
Exploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-0282
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0282
US Government Resource