Security News > 2025 > January > Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
2025-01-09 07:13

Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2


News URL

https://thehackernews.com/2025/01/ivanti-flaw-cve-2025-0282-actively.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2025-01-08 CVE-2025-0282 Out-of-bounds Write vulnerability in Ivanti products
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
network
high complexity
ivanti CWE-787
critical
 9.0
9.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 29 1 53 173 79 306