On January 8, 2025, Ivanti published a security advisory announcing the patching of a critical, actively exploited vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Tracked as CVE-2025-0282, the vulnerability allows remote unauthenticated threat actors to achieve remote code execution (RCE) via a stack-based buffer overflow flaw. Ivanti confirmed that exploitation has only been observed in Connect Secure, and no exploitation has been reported in Policy Secure or ZTA Gateways. At this time, patches are only available for Ivanti Connect Secure. Patches for Policy Secure and Neurons for ZTA Gateways are expected to be released on January 21.
Ivanti also patched CVE-2025-0283, a lower-severity vulnerability discovered during the investigation of CVE-2025-0282. Though it has not been exploited, Ivanti noted that this flaw is also a stack-based buffer overflow, but it requires local, authenticated access for a threat actor to achieve RCE.
Arctic Wolf has not observed any publicly available proof-of-concept (PoC) exploits for these vulnerabilities. Due to the criticality of these vulnerabilities and the frequent targeting of Ivanti products throughout 2024, attackers are likely to pursue further exploitation, particularly of CVE-2025-0282, to achieve unauthenticated RCE and carry out malicious actions in compromised environments.
Recommendation for CVE-2025-0282
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Version | Fixed Version |
|---|---|---|
| Ivanti Connect Secure | | 22.7R2.5 |
| Ivanti Policy Secure | | Patch Available January 21 |
| Ivanti Neurons for ZTA Gateways | | Patch Available January 21 |
For Policy Secure and Neurons for ZTA Gateways, which are awaiting the patch scheduled for January 21, Ivanti has provided the following guidance:
- Ivanti Policy Secure: This solution is not designed to be internet-facing and should be configured accordingly based on Ivanti’s recommendations to prevent internet exposure.
- Ivanti Neurons for ZTA Gateways: Ivanti has stated that this vulnerability cannot be exploited in production environments. The risk exists only if a gateway is generated and left unconnected to a ZTA controller.
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
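As an added example (not part of the Arctic Wolf advisory or any Ivanti tooling), the following Python helper triages an inventory of Connect Secure appliances against the fixed version 22.7R2.5 stated above. It assumes the version-string format `<major>.<minor>R<release>[.<patch>]`, as in the advisory's "22.7R2.5", and that any build at or above the fixed version carries the fix; the hostnames and versions in the sample are constructed.

```python
import re
from typing import Dict, Tuple

# Fixed version for Ivanti Connect Secure, as stated in the advisory.
FIXED_ICS_VERSION = "22.7R2.5"

# Assumed format: <major>.<minor>R<release>[.<patch>]  (e.g. 22.7R2.5, 22.6R2)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_ics_version(version: str) -> Tuple[int, int, int, int]:
    """Parse an Ivanti version string into a tuple that compares numerically.

    A missing patch component (e.g. '22.6R2') is treated as patch 0.
    Raises ValueError for strings that do not match the assumed format, so a
    malformed inventory entry is surfaced rather than silently marked patched.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {version!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_patched(installed: str, fixed: str = FIXED_ICS_VERSION) -> bool:
    """True if the installed build is at or above the fixed version."""
    return parse_ics_version(installed) >= parse_ics_version(fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each hostname to 'patched' or 'needs upgrade' for CVE-2025-0282."""
    return {
        host: ("patched" if is_patched(version) else "needs upgrade")
        for host, version in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = {
        "vpn-gw-01": "22.7R2.4",
        "vpn-gw-02": "22.7R2.5",
        "vpn-gw-03": "22.6R2",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

A version string alone does not prove an appliance is clean; Ivanti's advisory pairs the upgrade with running its Integrity Checker Tool, so treat "patched" here as an upgrade-status label, not a compromise assessment.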