Vulnerabilities > CVE-2025-0282 - Out-of-bounds Write vulnerability in Ivanti products

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

ivanti

CWE-787

critical

NVD

Published: 2025-01-08

Updated: 2025-01-14

Summary

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Ivanti Ivanti Connect Secure 22.7 Ivanti Policy Secure 22.7 Ivanti Neurons FOR Zero Trust Access 22.7	11

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283
https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References