PT-2025-1027 · Ivanti · Ivanti Policy Secure+2

Published: 2025-01-08 · Updated: 2026-04-14 · CVE-2025-0283

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ivanti Connect Secure versions prior to 22.7R2.5
Ivanti Policy Secure versions prior to 22.7R1.2
Ivanti Neurons for ZTA gateways versions prior to 22.7R2.3

Description

A stack-based buffer overflow exists in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways. Successful exploitation of this issue allows a local authenticated attacker to escalate their privileges. The issue also allows a remote unauthenticated attacker to achieve remote code execution. The vulnerability enables attackers to gain administrator access, potentially allowing them to modify settings, passwords, and systems, and access sensitive information.

Recommendations

Ivanti Connect Secure versions prior to 22.7R2.5 should be updated to version 22.7R2.5 or later.
Ivanti Policy Secure versions prior to 22.7R1.2 should be updated to version 22.7R1.2 or later.
Ivanti Neurons for ZTA gateways versions prior to 22.7R2.3 should be updated to version 22.7R2.3 or later.

Fix

LPE

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-00224
CVE-2025-0283

Affected Products

Ivanti Connect Secure
Ivanti Neurons for ZTA Gateways
Ivanti Policy Secure