Ivanti has issued a security advisory addressing two vulnerabilities in its Connect Secure, Policy Secure, and Neurons for ZTA Gateways. The vulnerabilities—CVE-2025-0282 and CVE-2025-0283—pose significant risks to affected systems, with one rated as critical and the other as high severity.
The critical vulnerability, CVE-2025-0282, has a CVSS score of 9.0. It involves a stack-based buffer overflow in Ivanti Connect Secure versions prior to 22.7R2.5, Policy Secure versions prior to 22.7R1.2, and Neurons for ZTA Gateways versions prior to 22.7R2.3. This flaw enables remote unauthenticated attackers to execute arbitrary code on affected systems.
Ivanti acknowledges that it is aware of “a limited number of customers’ Ivanti Connect Secure appliances being exploited by CVE-2025-0282 at the time of disclosure.” However, no exploitation has been observed in Policy Secure or ZTA Gateways.
The second vulnerability, CVE-2025-0283, is rated at 7.0 on the CVSS scale. It also involves a stack-based buffer overflow but is restricted to local authenticated attackers, who could escalate privileges on vulnerable systems. As of the disclosure date, no exploitation of this vulnerability has been reported.
The vulnerabilities affect multiple versions across Ivanti’s product suite:
- Ivanti Connect Secure: Versions 22.7R2 through 22.7R2.4.
- Ivanti Policy Secure: Versions 22.7R1 through 22.7R1.2.
- Ivanti Neurons for ZTA Gateways: Versions 22.7R2 through 22.7R2.3.
Patches have been released for Ivanti Connect Secure, while fixes for Policy Secure and Neurons for ZTA Gateways are expected by January 21, 2025.
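An added example, not part of Ivanti's advisory or tooling: a Python check that parses Ivanti-style version strings and flags inventory entries that fall inside the affected ranges listed above. The hostnames, inventory records and status labels are constructed for illustration, and treating a missing patch level as 0 is an assumption.

```python
import re

# Inclusive affected ranges as listed above: product -> (first, last).
AFFECTED = {
    "Connect Secure": ("22.7R2", "22.7R2.4"),
    "Policy Secure": ("22.7R1", "22.7R1.2"),
    "Neurons for ZTA Gateways": ("22.7R2", "22.7R2.3"),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

def parse_version(text):
    """Turn '22.7R2.4' into (22, 7, 2, 4). Assumption: no patch level means 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # Integer tuples compare numerically, so 22.7R2.10 sorts after 22.7R2.4.
    return tuple(int(g or 0) for g in m.groups())

def classify(product, version):
    """Return 'affected', 'not-listed' (outside the ranges above) or 'unknown'."""
    bounds = AFFECTED.get(product)
    if bounds is None:
        return "unknown"
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"  # unparsable version: needs a manual look
    low, high = (parse_version(b) for b in bounds)
    return "affected" if low <= v <= high else "not-listed"

# Constructed sample inventory: (hostname, product, reported version).
INVENTORY = [
    ("vpn-edge-01", "Connect Secure", "22.7R2.4"),
    ("vpn-edge-02", "Connect Secure", "22.7R2.5"),
    ("nac-core-01", "Policy Secure", "22.7R1"),
    ("zta-gw-01", "Neurons for ZTA Gateways", "22.7R2.3"),
    ("vpn-lab-01", "Connect Secure", "build-unknown"),
]

def triage(inventory):
    """Map each hostname to its classification."""
    return {host: classify(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

A `not-listed` result only means the version is outside the ranges given in this article; `unknown` entries should be checked by hand.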
Ivanti recommends immediate action to mitigate risks. For Connect Secure, users are advised to upgrade to version 22.7R2.5 and perform a factory reset on appliances that show signs of compromise. For Policy Secure, it is critical to ensure appliances are not exposed to the internet, which significantly reduces the risk of exploitation.
The advisory emphasizes, “We strongly advise all customers to closely monitor their internal and external ICT as a part of a robust and layered approach to cybersecurity to ensure the integrity and security of the entire network infrastructure.”
To detect exploitation attempts of CVE-2025-0282, Ivanti has released an updated Integrity Checker Tool (ICT). The advisory warns that this tool is compatible only with Connect Secure version 22.7R2.5 and above. A clean ICT scan, in conjunction with regular monitoring, is key to maintaining the integrity of network infrastructures.