Ivanti has disclosed a critical vulnerability identified as CVE-2025-0282, affecting several of its products, including Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. With a CVSS Score of 9.0, this stack-based buffer overflow vulnerability allows remote, unauthenticated attackers to execute arbitrary code on the target device, posing significant security risks to affected systems. Organizations using affected Ivanti products must take immediate action to patch their systems and monitor for potential compromises.
Understanding the Vulnerability CVE-2025-0282
CVE-2025-0282 is a stack-based buffer overflow present in the following product versions:
- Ivanti Connect Secure versions 22.7R2 through 22.7R2.4
- Ivanti Policy Secure versions 22.7R1 through 22.7R1.2
- Ivanti Neurons for ZTA versions 22.7R2 through 22.7R2.3
Successful exploitation of this vulnerability enables remote code execution without authentication, granting attackers the ability to compromise the affected device and potentially gain unauthorized access to the connected network.
Ivanti confirmed that this vulnerability is being actively exploited. “We are aware of a limited number of customers’ Ivanti Connect Secure appliances being exploited by CVE-2025-0282 at the time of disclosure,” the company stated in a blog post. Security researchers from Mandiant and Microsoft’s Threat Intelligence Center (MSTIC) are credited with discovering the flaw. Exploitation activities were first observed in mid-December 2024, suggesting that threat actors targeted Ivanti devices before the public disclosure.
Mitigations and Recommendations
To address this critical issue, Ivanti has released patches for Ivanti Connect Secure (version 22.7R2.5) and plans to release updates for Ivanti Policy Secure and Neurons for ZTA by January 21, 2025. Administrators are urged to apply these patches immediately to mitigate risks.
Ivanti also recommends using the Integrity Checker Tool (ICT) to detect exploitation. “Exploitation of CVE-2025-0282 can be identified by the Integrity Checker Tool (ICT). We strongly advise all customers to closely monitor their internal and external ICT as part of a robust and layered cybersecurity approach,” Ivanti emphasized.
Instantly Fix Risks with SanerNow Patch Management
CVE-2025-0282 underscores the importance of maintaining a proactive approach to cybersecurity, particularly for organizations using network gateway products. Organizations must prioritize patch management, not just as a reactive measure but as a fundamental component of their cybersecurity strategy.
SanerNow Patch Management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.
It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. SanerNow patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.