CVE-2025-0282 :: Enginsight Vulnerability Database

Severity

CRITICAL

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Atk. Vector

NETWORK

Atk. Complexity

HIGH

Priv. Required

NONE

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	connect_secure	22.7
ivanti	neurons_for_zero-trust_access	22.7
ivanti	neurons_for_zero-trust_access	22.7
ivanti	neurons_for_zero-trust_access	22.7
ivanti	policy_secure	22.7
ivanti	policy_secure	22.7
ivanti	policy_secure	22.7

𝑥

= Vulnerable software versions

Known Exploits!

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[ENGLISH] China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon (formerly Hafnium) hacking
Published: 2025-03-05T21:14:00+05:30

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day

https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282

https://github.com/sfewer-r7/CVE-2025-0282

https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-0282