Cyber Resilience

CVE-2025-0283

High

Published: 08 January 2025

Published
08 January 2025
Modified
14 January 2025
KEV Added
Patch
CVSS Score v3.1 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.4116 97.5th percentile
Risk Priority 39 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0283 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Ivanti Connect Secure. Its CVSS base score is 7.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 2.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0283 is a stack-based buffer overflow vulnerability, associated with CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write), affecting Ivanti Connect Secure versions prior to 22.7R2.5, Ivanti Policy Secure versions prior to 22.7R1.2, and Ivanti Neurons for ZTA gateways versions prior to 22.7R2.3. Published on January 8, 2025, it carries a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts under specific local access conditions.

A local authenticated attacker with low privileges can exploit this vulnerability due to its high attack complexity. Successful exploitation allows privilege escalation, enabling the attacker to gain elevated access on the affected systems.

Ivanti has issued a security advisory detailing patches for this issue, available at https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283. Mitigation involves upgrading to Ivanti Connect Secure 22.7R2.5 or later, Ivanti Policy Secure 22.7R1.2 or later, and Ivanti Neurons for ZTA gateways 22.7R2.3 or later.

EU & UK References

Vulnerability details

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

CWE(s)

Related Threats

Threat-Actor AttributionAI

Volt Typhoon (G1017)
9TH ANNUAL YEAR IN REVIEW | OT/ICS CYBERSECURITY REPORT UPDATED FEBRUARY 2026 9TH ANNUAL | 2026 YEAR IN REVIEW OT/ICS CYBERSECURITY REPORT © Dragos, Inc. All Rights Reserved. Proprietary & Confidential. 2 9TH ANNUAL YEAR IN REVIEW | OT/ICS

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Stack-based buffer overflow in local Ivanti components directly enables local authenticated privilege escalation via exploitation of a software vulnerability.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0282Same product: Ivanti Connect Secure
CVE-2025-22467Same product: Ivanti Connect Secure
CVE-2024-10644Same product: Ivanti Connect Secure
CVE-2025-55142Same product: Ivanti Connect Secure
CVE-2025-55145Same product: Ivanti Connect Secure
CVE-2025-55141Same product: Ivanti Connect Secure
CVE-2025-55147Same product: Ivanti Connect Secure
CVE-2024-10630Same vendor: Ivanti
CVE-2025-64157Same product class: VPN / SSL gateway
CVE-2026-8110Same vendor: Ivanti

Affected Assets

ivanti
connect secure
21.12, 21.9, 22.1, 22.7, 9.1 · ≤ 9.1 · 22.2 — 22.7
ivanti
neurons for zero-trust access
22.2, 22.3, 22.4, 22.5, 22.6
ivanti
policy secure
22.7 · ≤ 22.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely remediation of the stack-based buffer overflow flaw through patching Ivanti products to versions 22.7R2.5 or later.

prevent

Implements memory protection mechanisms such as stack canaries, ASLR, and DEP that prevent exploitation of stack-based buffer overflows leading to privilege escalation.

prevent

Enforces least privilege to limit the scope and impact of privilege escalation by a local low-privilege authenticated attacker.

References