CVE-2025-0282

Warnung

Medienbericht

Exploit

EPSS 94.11%
Veröffentlicht 08.01.2025 23:15:09
Zuletzt bearbeitet 17.03.2025 19:24:45
Quelle 3c1d8aa1-5a33-4ea4-8992-aadd64
Teams Watchlist Login
Unerledigt Login

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 2 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ivanti ≫ Connect Secure Version22.7 Updater2

Ivanti ≫ Connect Secure Version22.7 Updater2.1

Ivanti ≫ Connect Secure Version22.7 Updater2.2

Ivanti ≫ Connect Secure Version22.7 Updater2.3

Ivanti ≫ Connect Secure Version22.7 Updater2.4

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater2

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater2.2

Ivanti ≫ Neurons For Zero-trust Access Version22.7 Updater2.3

Ivanti ≫ Policy Secure Version22.7 Updater1

Ivanti ≫ Policy Secure Version22.7 Updater1.1

Ivanti ≫ Policy Secure Version22.7 Updater1.2

08.01.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Schwachstelle

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.

Beschreibung

Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.11%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	2.2	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
3c1d8aa1-5a33-4ea4-8992-aadd6440af75	9	2.2	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.heise.de/news/CISA-warnt-vor-Malware-Resurge-nach-Ivanti-ICS-Attacken-10333868.html

Medienbericht

heise Security

https://www.heise.de/news/CrushFTP-Neuer-CVE-Eintrag-und-Details-zu-attackierter-Schwachstelle-10343791.html

Medienbericht

heise Security

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283

Vendor Advisory

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day

Exploit