CVE-2025-0282
Published: 08 January 2025
Summary
CVE-2025-0282 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Ivanti Connect Secure. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely identification, reporting, and correction of software flaws such as this stack-based buffer overflow by applying the vendor patches.
- SI-16 (Memory Protection): implements memory protection mechanisms such as stack canaries, ASLR, and DEP, which make exploitation of a stack-based buffer overflow into RCE substantially harder.
- SI-10 (Information Input Validation): mandates validation of information inputs for length and format, mitigating buffer overflows triggered by crafted unauthenticated remote payloads.
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why this technique?
Direct, remote, unauthenticated RCE on a public-facing Ivanti VPN/gateway appliance maps to exploitation of a public-facing application (T1190).
NVD Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Deeper analysis
CVE-2025-0282 is a stack-based buffer overflow vulnerability, associated with CWE-121 and CWE-787, affecting Ivanti Connect Secure versions before 22.7R2.5, Ivanti Policy Secure before 22.7R1.2, and Ivanti Neurons for ZTA gateways before 22.7R2.3. Published on January 8, 2025, it carries a CVSS v3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity with network accessibility, high attack complexity, no privileges or user interaction required, and high impact across confidentiality, integrity, and availability with a changed scope.
A remote unauthenticated attacker can exploit this vulnerability to achieve remote code execution on affected systems. The high attack complexity (AC:H) indicates that exploitation depends on specific conditions or carefully crafted payloads, but a successful exploit grants full control over the targeted gateway or VPN appliance.
Ivanti's security advisory details patches in Connect Secure 22.7R2.5, Policy Secure 22.7R1.2, and Neurons for ZTA gateways 22.7R2.3, urging immediate upgrades. CISA provides mitigation instructions, while additional resources include exploitation walkthroughs and a GitHub proof-of-concept.
References to this CVE as a zero-day in threat intelligence, alongside public PoCs and detailed exploit techniques, highlight active research and potential for real-world abuse targeting Ivanti VPN and gateway deployments.
Details
- CWE(s): CWE-121 (Stack-based Buffer Overflow), CWE-787 (Out-of-bounds Write)
- KEV Date Added: 08 January 2025