Ivanti has disclosed two critical vulnerabilities in its Connect Secure, Policy Secure, and Neurons for ZTA gateway devices, including one actively exploited zero-day vulnerability. The vulnerabilities, CVE-2025-0282 and CVE-2025-0283, pose serious risks, with the former allowing remote code execution and the latter enabling privilege escalation. Users are urged to apply patches immediately. Affected: Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Neurons for ZTA
Keypoints :
- Ivanti disclosed two vulnerabilities affecting Connect Secure, Policy Secure, and Neurons for ZTA gateways.
- CVE-2025-0282 is a stack-based buffer overflow allowing remote code execution.
- CVE-2025-0283 is a stack-based buffer overflow that allows privilege escalation for local authenticated attackers.
- CVE-2025-0282 has been observed being exploited in the wild.
- Ivanti recommends immediate patching due to historical exploitation of these devices.
- Customers can use the Integrity Checker Tool to identify exploitation of CVE-2025-0282.
- Patch versions are available for affected products, with some fixes unavailable until January 21.
MITRE Techniques :
- Execution (T1203) – Remote code execution achieved through CVE-2025-0282.
- Privilege Escalation (T1068) – Privilege escalation achieved through CVE-2025-0283.
Indicator of Compromise :
- [file name] Integrity Checker Tool (ICT)
- [others ioc] CVE-2025-0282
- [others ioc] CVE-2025-0283
- [others ioc] Ivanti Connect Secure
- [others ioc] Ivanti Policy Secure
- Check the article for all found IoCs.
Full Research: https://www.tenable.com/blog/cve-2025-0282-ivanti-connect-secure-zero-day-vulnerability-exploited-in-the-wild