9 CVE-2025-0282

CISA Kev Catalog Exploit
 

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
https://nvd.nist.gov/vuln/detail/CVE-2025-0282

Categories

CWE-121

CWE-787

References

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

af854a3a-2127-422b-91ae-364da2661108 Exploit


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url

Other Nist (github, ...)

Url
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secur...


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry