CVE-2025-0283
Published: 08 January 2025
Summary
CVE-2025-0283 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Ivanti Connect Secure. Its CVSS base score is 7.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 2.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly mandates timely remediation of the stack-based buffer overflow flaw through patching Ivanti products to versions 22.7R2.5 or later.
- SI-16 (Memory Protection): Implements memory protection mechanisms such as stack canaries, ASLR, and DEP that prevent exploitation of stack-based buffer overflows leading to privilege escalation.
- AC-6 (Least Privilege): Enforces least privilege to limit the scope and impact of privilege escalation by a local low-privilege authenticated attacker.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in local Ivanti components directly enables local authenticated privilege escalation via exploitation of a software vulnerability.
NVD Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
Deeper analysis
CVE-2025-0283 is a stack-based buffer overflow vulnerability, associated with CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write), affecting Ivanti Connect Secure versions prior to 22.7R2.5, Ivanti Policy Secure versions prior to 22.7R1.2, and Ivanti Neurons for ZTA gateways versions prior to 22.7R2.3. Published on January 8, 2025, it carries a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts under specific local access conditions.
A local authenticated attacker with low privileges can exploit this vulnerability, although the attack complexity is high. Successful exploitation allows privilege escalation, enabling the attacker to gain elevated access on the affected systems.
Ivanti has issued a security advisory detailing patches for this issue, available at https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283. Mitigation involves upgrading to Ivanti Connect Secure 22.7R2.5 or later, Ivanti Policy Secure 22.7R1.2 or later, and Ivanti Neurons for ZTA gateways 22.7R2.3 or later.
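The fixed versions listed above can be turned into an inventory check. The following is an added example, not code from Ivanti or from this page; it assumes version strings follow the `<major>.<minor>R<release>[.<patch>]` layout seen in the advisory, and the hostnames and installed versions in the sample inventory are constructed.

```python
import re

# Fixed versions, taken from the advisory text on this page.
FIXED = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.2",
    "Ivanti Neurons for ZTA gateways": "22.7R2.3",
}

# Assumed version layout: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.5
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return a comparable tuple, or raise ValueError on an unknown layout."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(product, version):
    """True when `version` is older than the fixed release for `product`."""
    if product not in FIXED:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    return parse_version(version) < parse_version(FIXED[product])


def triage(inventory):
    """Map each (host, product, version) row to 'patch', 'ok' or 'review'."""
    results = {}
    for host, product, version in inventory:
        try:
            results[host] = "patch" if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            # Unparseable or unknown entries need a human, never a silent pass.
            results[host] = "review"
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("vpn-a.example", "Ivanti Connect Secure", "22.7R2.4"),
    ("vpn-b.example", "Ivanti Connect Secure", "22.7R2.5"),
    ("nac-a.example", "Ivanti Policy Secure", "22.7R1.1"),
    ("zta-a.example", "Ivanti Neurons for ZTA gateways", "22.7R2.3"),
    ("vpn-c.example", "Ivanti Connect Secure", "22.7r2 build 3431"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Rows that fail to parse are reported as `review` rather than `ok`, so a version string in an unexpected format cannot hide an unpatched appliance.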
Details
- CWE(s)