Security News > 2025 > January > Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)
2025-01-08 19:39

Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways, one of which (CVE-2025-0282) has been exploited as a zero-day by attackers to compromise Connect Secure VPN appliances. About CVE-2025-0282 and CVE-2025-0283 Both are stack-based buffer overflow issues: CVE-2025-0282 allows for unauthenticated remote code execution, CVE-2025-0283 can be used by a local authenticated attacker to escalate their privileges. Ivanti says that a “limited number “of customers’ Ivanti Connect Secure appliances have … More → The post Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2025/01/08/ivanti-exploited-connect-secure-zero-day-cve-2025-0282-cve-2025-0283/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2025-01-08 CVE-2025-0283 Out-of-bounds Write vulnerability in Ivanti Connect Secure 7.1/7.4
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
local
high complexity
ivanti CWE-787
7.0
7.0
2025-01-08 CVE-2025-0282 Out-of-bounds Write vulnerability in Ivanti products
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
network
high complexity
ivanti CWE-787
critical
 9.0
9.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 29 1 56 184 81 322