
A recent advisory from Ivanti discloses two vulnerabilities affecting its Connect Secure, Policy Secure, and Neurons for ZTA gateway products. The more severe, CVE-2025-0282, is a stack-based buffer overflow rated critical (CVSS 9.0) that allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable appliance. The second, CVE-2025-0283, is also a stack-based buffer overflow but is rated high (CVSS 7.0): it allows a local, already-authenticated attacker to escalate privileges. CVE-2025-0282 is the immediate concern, because Ivanti confirms it has been exploited in the wild as a zero-day.
Details of the Vulnerabilities
Ivanti's advisory states that CVE-2025-0282 has been used against a limited number of customers' Connect Secure appliances, and that Ivanti learned of the activity through its own Integrity Checker Tool (ICT). Ivanti reports no evidence, at the time of the advisory, that Policy Secure or Neurons for ZTA gateways have been exploited. Ivanti credits Google's Mandiant and the Microsoft Threat Intelligence Center (MSTIC) for their part in the discovery and investigation; with both teams involved, further public reporting on the campaign behind the zero-day is likely.
Impacted Products and Versions
The vulnerabilities affect the following versions (all ranges inclusive; note that the 9.1R18.x line is a separate, older Connect Secure branch with its own ceiling):
- CVE-2025-0282: Ivanti Connect Secure 22.7R2 through 22.7R2.4; Ivanti Policy Secure 22.7R1 through 22.7R1.2; Ivanti Neurons for ZTA gateways 22.7R2 through 22.7R2.3.
- CVE-2025-0283: Ivanti Connect Secure 22.7R2.4 and prior, and 9.1R18.9 and prior; Ivanti Policy Secure 22.7R1.2 and prior; Ivanti Neurons for ZTA gateways 22.7R2.3 and prior.
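Checking an appliance inventory against those ranges by hand is error-prone, because Ivanti version strings (22.7R2, 22.7R2.4, 9.1R18.9) do not sort as plain text. The script below is an added example, not code from Ivanti or from this advisory: it parses the version strings into comparable tuples, encodes the affected ranges exactly as listed above, and produces a per-host disposition. The product keys, the `SAMPLE_INVENTORY` hosts, and the wording of the dispositions are the example's own assumptions; the fixed build 22.7R2.5 for Connect Secure is the one Ivanti names. "X and prior" ranges are modelled per major-version branch (22.x and 9.x), since the advisory gives the two Connect Secure branches separate ceilings.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int, int]

# Ivanti release strings look like "22.7R2.4" or "9.1R18.9":
# <major>.<minor>R<release>[.<maintenance>].  Parse into a tuple that compares
# correctly, so that 22.7R2 < 22.7R2.4 < 22.7R2.5 (string comparison would not).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(s: str) -> Version:
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {s!r}")
    major, minor, rel, maint = m.groups()
    return (int(major), int(minor), int(rel), int(maint or 0))


def v(s: str) -> Version:
    return parse_version(s)


# Affected ranges per CVE and product, (low, high) inclusive, taken from the advisory.
# "X and prior" entries are bounded below by the start of their major-version branch,
# because the advisory lists the 22.x and 9.1x Connect Secure branches separately.
AFFECTED: Dict[str, Dict[str, List[Tuple[Version, Version]]]] = {
    "CVE-2025-0282": {
        "connect_secure": [(v("22.7R2"), v("22.7R2.4"))],
        "policy_secure": [(v("22.7R1"), v("22.7R1.2"))],
        "neurons_zta": [(v("22.7R2"), v("22.7R2.3"))],
    },
    "CVE-2025-0283": {
        "connect_secure": [((22, 0, 0, 0), v("22.7R2.4")), ((9, 0, 0, 0), v("9.1R18.9"))],
        "policy_secure": [((22, 0, 0, 0), v("22.7R1.2"))],
        "neurons_zta": [((22, 0, 0, 0), v("22.7R2.3"))],
    },
}

# Fixed build named by Ivanti; Policy Secure and ZTA had no fix at the time of the advisory.
FIXED: Dict[str, str] = {"connect_secure": "22.7R2.5"}


def affected_cves(product: str, version: str) -> List[str]:
    """Return the CVE IDs whose listed ranges contain this product/version."""
    ver = parse_version(version)
    hits: List[str] = []
    for cve, products in AFFECTED.items():
        if any(low <= ver <= high for low, high in products.get(product, [])):
            hits.append(cve)
    return hits


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, Tuple[List[str], str]]:
    """Map each (hostname, product, version) to (affected CVEs, recommended action)."""
    result: Dict[str, Tuple[List[str], str]] = {}
    for host, product, version in inventory:
        cves = affected_cves(product, version)
        if not cves:
            action = "not in a listed affected range; keep monitoring ICT"
        elif product in FIXED:
            action = f"run ICT, then upgrade to {FIXED[product]}"
        else:
            action = "no fix yet; run ICT, restrict access, await vendor patch"
        result[host] = (cves, action)
    return result


# Constructed sample inventory for the example; these are not real hosts.
SAMPLE_INVENTORY = [
    ("vpn-edge-1", "connect_secure", "22.7R2.3"),
    ("vpn-edge-2", "connect_secure", "22.7R2.5"),
    ("vpn-legacy", "connect_secure", "9.1R18.9"),
    ("nac-1", "policy_secure", "22.7R1.2"),
    ("zta-gw-1", "neurons_zta", "22.7R2.2"),
]

if __name__ == "__main__":
    for host, (cves, action) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {', '.join(cves) or '-':32} {action}")
```

A version that the regex rejects (for example a string without an "R" component) raises rather than silently passing as "not affected", which is the behaviour you want in a triage tool. Note that a host outside every listed range is reported as "not listed", not as safe: only the vendor's advisory, not this table, defines what is fixed.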
Mitigation and Recommendations
Ivanti has released Connect Secure 22.7R2.5, which fixes both vulnerabilities; customers on the older 9.1R18.x branch are directed to that same release. Fixes for Policy Secure and Neurons for ZTA gateways are scheduled for January 21, 2025, so until then those products rely on compensating controls. Ivanti's own guidance is to run the ICT before upgrading: an appliance whose scan shows signs of compromise should be factory reset and only then brought back into production on 22.7R2.5, since upgrading over a compromised image does not remove attacker persistence. Connect Secure customers should apply the update immediately; Policy Secure is not intended to be internet-facing, and Ivanti states that a ZTA gateway connected to its controller cannot be exploited, which lowers, but does not remove, the exposure of those products while their patches are pending.
Ivanti advises using the Integrity Checker Tool (ICT) to detect exploitation of CVE-2025-0282, and recommends continuous monitoring of ICT results rather than a single scan. Two caveats apply for defenders: the ICT is a point-in-time file-integrity check, not a full forensic examination, and an attacker with code execution on the appliance is in a position to interfere with an on-box tool. Treat a clean ICT result as necessary but not sufficient, and corroborate it with off-box evidence such as exported appliance logs, VPN authentication records, and network telemetry for the appliance's management and outbound connections.