CVE-2025-0282

Summary

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

Affected Software

VendorProductVersion RangeStatus
IvantiConnect Secure22.7R2 <= 22.7R2.4affected
IvantiConnect Secure22.7R2.5unaffected
IvantiPolicy Secure22.7R1 <= 22.7R1.2affected
IvantiNeurons for ZTA gateways22.7R2 <= 22.7R2.3affected
IvantiNeurons for ZTA gateways22.7R2.5unaffected

Weaknesses

  • CWE-121: CWE-121: Stack-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References