Security News > 2025 > January > Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)
2025-01-08 19:39
Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways, one of which (CVE-2025-0282) has been exploited as a zero-day by attackers to compromise Connect Secure VPN appliances. About CVE-2025-0282 and CVE-2025-0283 Both are stack-based buffer overflow issues: CVE-2025-0282 allows for unauthenticated remote code execution, CVE-2025-0283 can be used by a local authenticated attacker to escalate their privileges. Ivanti says that a “limited number “of customers’ Ivanti Connect Secure appliances have … More → The post Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) appeared first on Help Net Security.
News URL
Related news
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach (source)
- Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization (source)
- Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) (source)
- Ivanti fixes EPMM zero-days chained in code execution attacks (source)
- Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) (source)
- Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems (source)
- Ivanti patches two zero-days under active attack as intel agency warns customers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-08 | CVE-2025-0283 | Out-of-bounds Write vulnerability in Ivanti Connect Secure 7.1/7.4 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | 7.0 |
| 2025-01-08 | CVE-2025-0282 | Out-of-bounds Write vulnerability in Ivanti products A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | 9.0 |