⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service. Due date: 2025-01-15.

CVE-2025-0282: Stack-based Buffer Overflow in Ivanti Connect Secure

Severity: 9.0 CRITICAL (NVD)
EPSS: 94.1% (top 0.09%)
CISA KEV: KEV, Ransomware (added 2025-01-08, due 2025-01-15)
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jan 8 | KEV added Jan 8 | KEV due Jan 15 | Latest update Feb 27

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 6.0

Affected Packages (6 packages)

CVEListV5 | ivanti/policy_secure | 22.7R1 | 22.7R1.2
CVEListV5 | ivanti/connect_secure | 22.7R2 | 22.7R2.4
CVEListV5 | ivanti/neurons_for_zta_gateways | 22.7R2 | 22.7R2.3

🔴 Vulnerability Details (3)

GHSA | GHSA-rf94-f4r9-6gxh: A stack-based buffer overflow in Ivanti Connect Secure before version 22 | 2025-01-09
CVEList | CVE-2025-0282: A stack-based buffer overflow in Ivanti Connect Secure before version 22 | 2025-01-08
VulnCheck | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | 2025

💥 Exploits & PoCs (2)

Exploit-DB | Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE) | 2025-04-15
Nuclei | Ivanti Connect Secure - Stack-based Buffer Overflow

🔍 Detection Rules (2)

Suricata | ET EXPLOIT Ivanti Connect Secure VPN IF-T/TLS clientCapabilities Remote Code Execution (CVE-2025-0282) | 2025-01-13
Suricata | ET WEB_SPECIFIC_APPS Ivanti Connect Secure Host Checker Recon (CVE-2025-0282) | 2025-01-09

📋 Vendor Advisories (2)

Ivanti | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | 2025-01-08
CISA | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | 2025-01-08

🕵️ Threat Intelligence (7)

Bleepingcomputer | CISA warns that RESURGE malware can be dormant on Ivanti devices | 2026-02-27
Unit42 | Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated March 11) | 2025-01-17
Wiz | CVE-2025-0282 and CVE-2025-0283: Ivanti 0days in the Wild | Wiz Blog | 2025-01-09
Bleepingcomputer | Ivanti zero-day attacks infected devices with custom malware | 2025-01-09
CVE-2025-0282 — Stack-based Buffer Overflow in Ivanti | cvebase