CVE-2025-0282
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
CVSS
—
Sin CVSS
EPSS
100.0%
p100
KEV
SÍ
8 ene 2025
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Ivanti / Connect Secure, Policy Secure, and ZTA Gateways
Vulnerabilidad
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Añadido a KEV
8 ene 2025
Remediar antes de
15 ene 2025
Uso conocido en ransomware
Sí
Descripción resumida
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
Acción requerida
Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.
Notas
CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0282