Detections
Analytics

CVE-2025-0282

critical

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-0282

https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282

https://www.darkreading.com/endpoint-security/fixed-ivanti-bugs-japan-orgs-6-months-later

https://thehackernews.com/2025/07/ivanti-zero-days-exploited-to-drop.html

https://www.theregister.com/2025/04/25/more_ivanti_attacks_may_be/

https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html

https://securityaffairs.com/177002/malware/jpcert-warns-of-dslogdrat-malware-deployed-in-ivanti-connect-secure.html

https://therecord.media/cisa-ivanti-firewall-bug-exploitation

https://www.darkreading.com/vulnerabilities-threats/china-linked-threat-group-exploits-ivanti-bug

https://www.bleepingcomputer.com/news/security/ivanti-patches-connect-secure-zero-day-exploited-since-mid-march/

https://cyberscoop.com/china-espionage-group-ivanti-vulnerability-exploits/

https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability

https://www.theregister.com/2025/04/01/cisa_ivanti_warning/

https://www.securityweek.com/cisa-analyzes-malware-used-in-ivanti-connect-secure-zero-day-attacks/

https://www.darkreading.com/cyberattacks-data-breaches/cisa-warns-resurge-malware-ivanti-vuln

https://thehackernews.com/2025/03/resurge-malware-exploits-ivanti-flaw.html

https://securityaffairs.com/176040/breaking-news/cisa-warns-of-resurge-malware-exploiting-ivanti-flaw.html

https://www.cisa.gov/news-events/analysis-reports/ar25-087a

https://www.cisa.gov/news-events/alerts/2025/03/28/cisa-releases-malware-analysis-report-resurge-malware-associated-ivanti-connect-secure

https://cyberscoop.com/silk-typhoon-targets-it-services/

https://www.theregister.com/2025/03/05/china_silk_typhoon_update/

https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/

https://www.infosecurity-magazine.com/news/silk-typhoon-exploits-common/

https://www.darkreading.com/remote-workforce/china-silk-typhoon-it-supply-chain-attacks

https://www.bleepingcomputer.com/news/security/silk-typhoon-hackers-now-target-it-supply-chains-to-breach-networks/

https://thehackernews.com/2025/03/china-linked-silk-typhoon-expands-cyber.html

https://thehackernews.com/2025/02/ivanti-patches-critical-flaws-in.html

https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2025-0282-cve-2025-0283/

https://www.securityweek.com/many-ivanti-vpns-still-unpatched-as-uk-domain-registry-emerges-as-victim-of-exploitation/

https://www.darkreading.com/vulnerabilities-threats/critical-ivanti-rce-bug

https://www.securityweek.com/exploitation-of-new-ivanti-vpn-zero-day-linked-to-chinese-cyberspies/

https://www.bleepingcomputer.com/news/security/google-chinese-hackers-likely-behind-ivanti-vpn-zero-day-attacks/

https://therecord.media/china-espionage-ivanti-vulnerabilities-mandiant

https://www.securityweek.com/ivanti-warns-of-new-zero-day-attacks-hitting-connect-secure-product/

https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/

https://therecord.media/ivanti-warns-of-hackers-exploiting-new-vulnerability

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day

https://www.tenable.com/blog/cve-2025-0282-ivanti-connect-secure-zero-day-vulnerability-exploited-in-the-wild

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283

Details

Source: Mitre, NVD

Published: 2025-01-08

Updated: 2025-03-17

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.93244

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Interest