PT-2025-1003 · Ivanti · Ivanti Connect Secure+2

Sinsinology · Published 2025-01-08 · Updated 2026-02-27

CVE-2025-0282

CVSS v3.1: 9.0
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ivanti Connect Secure versions prior to 22.7R2.5
Ivanti Policy Secure versions prior to 22.7R1.2
Ivanti Neurons for ZTA gateways versions prior to 22.7R2.3

Description

A stack-based buffer overflow in Ivanti Connect Secure, Policy Secure, and ZTA Gateways allows a remote unauthenticated attacker to achieve remote code execution. The vulnerability is being actively exploited by threat actors, including Chinese nation-state actors, to deploy malware and gain unauthorized access to sensitive data. It is estimated that over 33,000 Ivanti instances are exposed worldwide, with the number of vulnerable devices having fallen from 2,048 to 800 in a short period. The vulnerability has been linked to various malware families, including Spawn and DryHook.

Recommendations

Ivanti Connect Secure versions prior to 22.7R2.5: Update to version 22.7R2.5 or later to patch the vulnerability.
Ivanti Policy Secure versions prior to 22.7R1.2: Update to version 22.7R1.2 or later to patch the vulnerability.
Ivanti Neurons for ZTA gateways versions prior to 22.7R2.3: Update to version 22.7R2.3 or later to patch the vulnerability.

As a temporary workaround, consider disabling the vulnerable function until a patch is available. Additionally, restrict access to the vulnerable module to minimize the risk of exploitation.

Exploit · Fix · RCE · LPE · Stack Overflow · Out of bounds Read · Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-00108
BDU:2025-00224
CVE-2025-0282

Affected Products

Ivanti Connect Secure
Ivanti Neurons for ZTA Gateways
Ivanti Policy Secure