CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild

On January 8, Ivanti published a security advisory for two vulnerabilities affecting multiple products including Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for Zero Trust Access (ZTA) gateways including one flaw that was exploited in the wild as a zero-day.

CVE-2025-0282 is a stack-based buffer overflow vulnerability in Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA gateways. An unauthenticated, remote attacker that successfully exploits this flaw would obtain remote code execution on a vulnerable device. In a blog post, Ivanti confirmed that they have observed in-the-wild exploitation of CVE-2025-0282 in “a limited number of customers” of Ivanti Connect Secure devices. They reiterate that they have not observed exploitation against Ivanti Policy Secure or Neurons for ZTA gateways.

CVE-2025-0283 is also a stack-based buffer overflow in Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA gateways. Unlike CVE-2025-0282, a local, authenticated attacker that successfully exploits this flaw would be able to elevate privileges on a vulnerable device.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.