CVE-2025-0282
Published: 08 January 2025
Summary
CVE-2025-0282 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Ivanti Connect Secure. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A stack-based buffer overflow vulnerability, also referenced under CWE-121 and CWE-787, affects Ivanti Connect Secure prior to version 22.7R2.5, Ivanti Policy Secure prior to 22.7R1.2, and Ivanti Neurons for ZTA gateways prior to 22.7R2.3. The flaw carries a CVSS 3.1 score of 9.0 and permits remote code execution when successfully triggered.
An unauthenticated remote attacker can exploit the issue over the network by sending crafted input that overflows the stack buffer, leading to arbitrary code execution with high impact on confidentiality, integrity, and availability. The attack complexity is rated high and requires no user interaction or privileges, though the scope change indicates potential impact beyond the vulnerable component.
Ivanti’s security advisory directs customers to upgrade to the fixed releases listed above, while CISA has published mitigation instructions for organizations unable to patch immediately. Public references include a Google threat intelligence report on observed activity, a CISA advisory page, and technical walkthroughs with proof-of-concept code.
The associated EPSS score has reached a peak of 0.9418 with a current value of 0.9413, indicating sustained and substantial exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1580
Vulnerability details
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
- CWE(s)
- KEV Date Added
- 08 January 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote unauthenticated RCE on public-facing Ivanti VPN/gateway appliance maps to exploitation of public-facing application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of software flaws such as this stack-based buffer overflow through vendor patches.
Implements memory protection mechanisms like stack canaries, ASLR, and DEP to block exploitation of stack-based buffer overflows leading to RCE.
Mandates validation of information inputs for length and format to mitigate buffer overflows from crafted unauthenticated remote payloads.