CVE-2025-0282

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

Published: Jan 9, 2025
Updated: May 4, 2025
CVE: CVE-2025-0282
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
ivanti / connect_secure	22.7-r2.2	22.7-r2.2.x
ivanti / connect_secure	22.7-r2.1	22.7-r2.1.x
ivanti / connect_secure	22.7-r2	22.7-r2.x
ivanti / policy_secure	22.7-r1.1	22.7-r1.1.x
ivanti / policy_secure	22.7-r1	22.7-r1.x
ivanti / connect_secure	22.7-r2.3	22.7-r2.3.x
ivanti / connect_secure	22.7-r2.4	22.7-r2.4.x
ivanti / policy_secure	22.7-r1.2	22.7-r1.2.x
ivanti / neurons_for_zero-trust_access	22.7-r2	22.7-r2.x
ivanti / neurons_for_zero-trust_access	22.7-r2.2	22.7-r2.2.x
ivanti / neurons_for_zero-trust_access	22.7-r2.3	22.7-r2.3.x

Vulnerability Database

290,020

CVE-2025-0282