
Emerging Threat: Ivanti Connect Secure CVE-2025-0282 and CVE-2025-0283

By Emma Zaballos
Product Marketing Manager
January 13, 2025

What are CVE-2025-0282 and CVE-2025-0283? 

On Wednesday, January 8th, Ivanti disclosed two severe vulnerabilities affecting Ivanti Connect Secure VPN devices. Ivanti Connect Secure is an external-facing SSL VPN used to secure remote access to corporate networks. Ivanti Policy Secure is an internal network-access control solution designed for regulating access within an enterprise’s network.

The critical vulnerability (CVSS 9.0) CVE-2025-0282 allows unauthenticated remote code execution (RCE) through a stack-based buffer overflow. This vulnerability specifically targets Ivanti Connect Secure appliances, and the vendor has confirmed exploitation in the wild alongside a public proof of concept (POC).

CVE-2025-0283 involves a similar buffer overflow mechanism and allows for local privilege escalation by an authenticated attacker. As of publication, there is no evidence of active exploitation of this high-severity vulnerability (CVSS 7.0).

While the two vulnerabilities are very similar, there have been no reports of them being chained in any known exploit scenarios.

What assets are affected by CVE-2025-0282 and CVE-2025-0283? 

The following assets are affected by CVE-2025-0282 and CVE-2025-0283: 

  • CVE-2025-0282:
    • Ivanti Connect Secure: 22.7R2 through 22.7R2.4
    • Ivanti Policy Secure: 22.7R1 through 22.7R1.2
    • Ivanti Neurons for ZTA gateways: 22.7R2 through 22.7R2.3
  • CVE-2025-0283:
    • Ivanti Connect Secure: 22.7R2.4 and prior; 9.1R18.9 and prior (EOL)
    • Ivanti Policy Secure: 22.7R1.2 and prior
    • Ivanti Neurons for ZTA gateways: 22.7R2.3 and prior

Note: The Ivanti Connect Secure 9.x line of code reached end of life (EOL) on December 31, 2024, and Ivanti has confirmed that it will not receive a patch for CVE-2025-0283. However, CVE-2025-0282, which is confirmed as exploited, does not impact the 9.x line of code. 

Are fixes available? 

The following patches are available for CVE-2025-0282 and CVE-2025-0283: 

  • CVE-2025-0282:
    • Ivanti Connect Secure: 22.7R2.5 
    • Ivanti Policy Secure: Patch planned for January 21, 2025
    • Ivanti Neurons for ZTA gateways: 22.7R2.5 
  • CVE-2025-0283:
    • Ivanti Connect Secure: 22.7R2.5 
    • Ivanti Policy Secure: Patch planned for January 21, 2025
    • Ivanti Neurons for ZTA gateways: 22.7R2.5 
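
The affected and fixed version lists above can be applied to an asset inventory mechanically. The following is an added example, not CyCognito or Ivanti code: it parses version strings of the form shown on this page and reports which of the two CVEs apply. The product labels, function names and sample inventory are assumptions made for the illustration.

```python
import re

# Inclusive (low, high) bounds transcribed from the affected-version lists above.
# low=None encodes "and prior" (the page states no lower bound).
AFFECTED = {
    "CVE-2025-0282": {
        "connect-secure": ("22.7R2", "22.7R2.4"),
        "policy-secure": ("22.7R1", "22.7R1.2"),
        "zta-gateway": ("22.7R2", "22.7R2.3"),
    },
    "CVE-2025-0283": {
        "connect-secure": (None, "22.7R2.4"),  # also covers 9.1R18.9 and prior
        "policy-secure": (None, "22.7R1.2"),
        "zta-gateway": (None, "22.7R2.3"),
    },
}
REMEDIATION = {  # from the "Are fixes available?" list; keys are hypothetical labels
    "connect-secure": "upgrade to 22.7R2.5",
    "policy-secure": "patch planned for January 21, 2025",
    "zta-gateway": "upgrade to 22.7R2.5",
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

def parse_version(text):
    """Turn '22.7R2.4' into (22, 7, 2, 4); a missing last field counts as 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(product, version):
    """Return (list of applicable CVEs, remediation note) for one asset."""
    v = parse_version(version)
    hits = []
    for cve, bounds in AFFECTED.items():
        low, high = bounds[product]
        if (low is None or parse_version(low) <= v) and v <= parse_version(high):
            hits.append(cve)
    if not hits:
        return hits, "none"
    if product == "connect-secure" and v[0] == 9:
        return hits, "EOL 9.x line: no patch for CVE-2025-0283"
    return hits, REMEDIATION[product]

if __name__ == "__main__":
    # Constructed sample inventory: (product label, version).
    for product, version in [("connect-secure", "22.7R2.3"), ("connect-secure", "9.1R18.9")]:
        print(product, version, *triage(product, version))
```

Version strings that do not match the format raise `ValueError`, so unparseable inventory entries surface for manual review instead of being silently reported as unaffected.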

Are there any other recommended actions to take? 

Because there have been reports of attempted exploitation of CVE-2025-0282, Ivanti has recommended that customers closely monitor their internal and external integrity check tool (ICT) for any signs of exploitation.    

How is CyCognito helping customers identify assets vulnerable to CVE-2025-0282 and CVE-2025-0283? 

CyCognito customers can check their assets to identify if any are potentially vulnerable to these issues using filters available in the CyCognito dashboard. CyCognito is also investigating non-intrusive testing methods to identify CVE-2025-0282 and CVE-2025-0283.    

Figure 1: The alert sent by CyCognito for CVE-2025-0282 and CVE-2025-0283

How can CyCognito help your organization? 

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive dashboard product tour. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our Contact Us page to schedule a demo.

