🔴 CVE-2025-0282

Critical stack-based buffer overflow in Ivanti VPN and secure gateway products allows remote unauthenticated attackers to achieve remote code execution. This vulnerability is actively exploited in the wild and is listed in the CISA KEV catalog.

Risk Level: HIGH_RISK

CVSS Score: 9.0

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1133 — External Remote Services

Deployment Risk: VERY_HIGH

Ransomware: Yes (+512d)

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-01-08

Added to CISA KEV: 2025-01-08 (0 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-0282 is a critical vulnerability affecting Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Neurons for ZTA gateways [1].

Overview and Impact
  • Vulnerability Type: Stack-based buffer overflow in the handling of the `clientCapabilities` parameter [6].
  • Impact: Successful exploitation allows a remote, unauthenticated attacker to achieve Remote Code Execution (RCE) on the affected appliance [1].

Exploitation and Threat Activity
  • Active Exploitation: The vulnerability was exploited in the wild as a zero-day, with observed activity dating back to at least December 2024 [4].
  • Threat Actor Usage: It has been used by threat actors to gain initial access to critical infrastructure environments [5].
  • Attack Requirements: The attack is network-based and does not require authentication or user interaction [1].
  • PoC Availability: Proof-of-concept (PoC) code has been publicly released, including implementations based on technical research from security firms like watchTowr [2] [7].

Affected Versions and Mitigation
The vulnerability affects versions prior to the following releases:
  • Ivanti Connect Secure: Before 22.7R2.5 [1]
  • Ivanti Policy Secure: Before 22.7R1.2 [1]
  • Ivanti Neurons for ZTA gateways: Before 22.7R2.3 [1]
Organizations are advised to apply the vendor-provided patches immediately, as this vulnerability is included in the CISA Known Exploited Vulnerabilities (KEV) catalog [3].

Sources

  1. CVE-2025-0282 Details - NVD

    Description. A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, ...

  2. GitHub - sfewer-r7/CVE-2025-0282: PoC for CVE-2025-0282: A remote...

    This is a proof of concept exploit to demonstrate exploitation of CVE-2025-0282, and is based upon the exploitation strategy published by watchTowr. This PoC has a ROP chain built to target…

  3. CISA Mitigation Instructions for CVE-2025-0282

    This page contains the mitigation instructions that correspond to the CISA KEV catalog entry CVE-2025-0282 – Ivanti Connect Secure, Policy Secure, and ZTA ...

  4. CVE-2025-0282 and CVE-2025-0283: Ivanti 0days in the Wild - Wiz

    CVE-2025-0282 is an unauthenticated stack-based buffer overflow vulnerability in Ivanti Connect Secure (ICS) VPN appliances, also affecting ... Detect and mitigate CVE-2025-0282, a critical RCE vulnerability in Ivanti Connect Secure and CVE-2025-0283, exploited as 0day vulnerabilities in the wild.

  5. MAR-25993211-r1.v2 Ivanti Connect Secure (RESURGE) - CISA

    CISA analyzed three files obtained from a critical infrastructure’s Ivanti Connect Secure device after threat actors exploited Ivanti CVE-2025-0282 for initial access.

  6. CVE-2025-0282.yaml - projectdiscovery/nuclei-templates - GitHub

    Unauthenticated attackers can exploit a stack-based buffer overflow to execute arbitrary code remotely on Ivanti Connect Secure devices, potentially ... id: CVE-2025-0282 info: name: Ivanti Connect Secure - Stack-based Buffer Overflow author: ritikchaddha severity: critical description: | Ivanti Con…

  7. GitHub - watchtowrlabs/CVE-2025-0282: Ivanti Connect Secure IFT...

    Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282). This is purposefully broken in non-trivial ways and will require effort to work as outlined previously in our exploitation technique blogpost. To understand this vulnerability, you can take a look at our technical write-up. E…