Security News > 2025 > January > UK domain registry Nominet breached via Ivanti zero-day
2025-01-13 20:03
The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver Foundation shared today. In the meantime, UK domain registry Nominet became the first publicly known victim of attackers exploiting the recently patched Ivanti zero-day. CVE-2025-0282 zero-day attacks CVE-2025-0282 is a stack-based buffer overflow vulnerability that allowed unauthenticated attackers to breach VPN appliances used by a number of (still publicly … More → The post UK domain registry Nominet breached via Ivanti zero-day appeared first on Help Net Security.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-08 | CVE-2025-0282 | Out-of-bounds Write vulnerability in Ivanti products A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | 9.0 |