CVE-2025-0282: A Critical Flaw in Ivanti Products

CVE-2025-0282: A Critical Flaw in Ivanti Products

share on :

CVE-2025-0282: A Critical Flaw in Ivanti Products

A critical security vulnerability, CVE-2025-0282, has been identified in Ivanti’s Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow flaw enables remote, unauthenticated attackers to execute arbitrary code on affected devices, potentially leading to severe consequences such as complete system compromise, data theft, network disruption, and ransomware deployment.

Ivanti has acknowledged the issue, stating,

We are aware of a limited number of customers’ Ivanti Connect Secure appliances being exploited by CVE-2025-0282 at the time of disclosure.

Read more at ivanti forums: Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283) 

The company has released patches to address the vulnerability and urges all users to apply these updates immediately. The fixed versions are available in their standard download portal.

Read Tenable Blog about vulnerability: CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild

The affected products and versions include Ivanti Connect Secure versions prior to 22.7R2.5, Ivanti Policy Secure versions prior to 22.7R1.2, and Ivanti Neurons for ZTA gateways versions prior to 22.7R2.3. Ivanti recommends that customers utilize its Integrity Checker Tool (ICT) to identify any exploitation of CVE-2025-0282.

Affected Versions:
CVE-2025-0282: A Critical Flaw in Ivanti Products
CVE-2025-0282: A Critical Flaw in Ivanti Products

Given the critical nature of this vulnerability and its active exploitation in the wild, organizations are strongly advised to prioritize the application of these patches. Additionally, monitoring system logs for suspicious activity, implementing network segmentation, enforcing strong authentication and access controls, and maintaining up-to-date software are essential steps to mitigate potential risks.

By taking prompt action, organizations can significantly reduce their exposure to this critical security threat and protect their systems and data from potential exploitation.

See more: Critical Adobe ColdFusion Flaw Under Active Attack

See more: Critical Vulnerability Discovered in SonicWall SSLVPN

We hope you found article interesting. For more exclusive content follow us on FacebookTwitter and LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

advertisement Box

trending news