CVE-2025-0283: Stack-based Buffer Overflow in Ivanti Connect Secure

Severity: 7.0 HIGH (NVD)
EPSS: 45.1% (top 2.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 8; Latest update Jan 17

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (4 packages)

NVD ivanti/policy_secure < 22.7 +1
NVD ivanti/connect_secure 22.222.7 +6
CVEListV5 ivanti/policy_secure 22.7R1.2
NVD ivanti/neurons 6 versions +5

🔴 Vulnerability Details

3
GHSA
GHSA-j5g5-c424-7xqg: A stack-based buffer overflow in Ivanti Connect Secure before version 22 (2025-01-09)
CVEList
CVE-2025-0283: A stack-based buffer overflow in Ivanti Connect Secure before version 22 (2025-01-08)
VulnCheck
Ivanti Connect Secure, Policy Secure, and Neurons stack-based buffer overflow (2025)

🕵️ Threat Intelligence

4
Unit42
Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated March 11) (2025-01-17)
Unit42
Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated March 11) (2025-01-17)
Wiz
CVE-2025-0282 and CVE-2025-0283: Ivanti 0days in the Wild | Wiz Blog (2025-01-09)
Wiz
CVE-2025-0282 and CVE-2025-0283: Ivanti 0days in the Wild | Wiz Blog (2025-01-09)
CVE-2025-0283 — Stack-based Buffer Overflow in Ivanti | cvebase