CVE-2025-0282
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Jan 8, 2025
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Ivanti / Connect Secure, Policy Secure, and ZTA Gateways
Vulnerability
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Added to KEV
Jan 8, 2025
Remediate by
Jan 15, 2025
Known ransomware use
Yes
Summary description
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
Required action
Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.
Notes
CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0282