Threat Pulse Cyber threat intelligence · Manera Fintech
← back to catalog

CVE-2025-0282

Ivanti / Connect Secure, Policy Secure, and ZTA Gateways

Ransomware campaign Added 2025-01-08 Due 2025-01-15

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.

Required action

Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Notes: CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0282

Metadata

Added to KEV2025-01-08
Remediation due2025-01-15
Ransomware useKnown
CWEsCWE-121
Ingested2026-04-24 15:03:13

Cross-mesh regulatory overlay LexiWorld · RegulatoryRadar

If you're breached via this CVE, what disclosure laws and cyber regs fire? Asks LexiWorld and RegulatoryRadar via signed mesh.