CVE-2025-0282

CVSS 9 CRITICAL | EPSS 100.0% | KEV | CWE-121

In short

A flaw in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA allows attackers to overflow a memory buffer and execute arbitrary code on the system without needing to log in. This is critical because it gives attackers complete control over vulnerable servers.

Technical detail

Stack-based buffer overflow in affected Ivanti gateway products allows remote unauthenticated attackers to corrupt the call stack and achieve arbitrary code execution. The vulnerability requires no authentication and can be exploited via network access to the vulnerable service, posing immediate risk to exposed instances.

Summary generated and translated by AI from the official description.

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
