Tech »  Topic »  Ivanti 0-Day Vulnerability Exploited in Wild-Patch Now

Ivanti 0-Day Vulnerability Exploited in Wild-Patch Now


Ivanti released a critical security advisory addressing vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateways products.

This advisory reveals the existence of two significant vulnerabilities, CVE-2025-0282 and CVE-2025-0283, which have been exploited in the wild, necessitating immediate action from users.

Critical Vulnerability: CVE-2025-0282

CVE-2025-0282 is a stack-based buffer overflow vulnerability that affects Ivanti Connect Secure versions prior to 22.7R2.5, Ivanti Policy Secure before 22.7R1.2, and Ivanti Neurons for ZTA gateways before 22.7R2.3.

This vulnerability allows an unauthenticated remote attacker to execute arbitrary code, posing a severe security risk. It has received a CVSS score of 9.0, categorizing it as a critical vulnerability.

High Severity Vulnerability: CVE-2025-0283

The second vulnerability, CVE-2025-0283, similarly affects the same versions of Ivanti’s products but permits a local authenticated attacker to escalate privileges.

This vulnerability has a CVSS score of 7.0, indicating a high severity ...


Copyright of this story solely belongs to gbhackers . To see the full text click HERE