Lucene search
K

10 matches found

CISA
CISA
added 2025/04/08 12:0 p.m.17 views

Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways

Updated April 8, 2025 CISA updated these mitigations based on identification of a new malware variant called RESURGE that could undermine the effectiveness of the mitigations previously provided. For more information on RESURGE, see MAR-25993211.R1.V1.CLEAR and CISA Releases Malware Analysis Repo...

9CVSS7.9AI score0.99971EPSS
In wildExploits13References8
NCSC
NCSC
added 2025/01/17 8:54 a.m.4 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. The first vulnerability CVE-2025-0282 can be exploited by malicious parties to execute arbitrary code remotely without authentication. The second vulnerability CVE-2025-0283 can be exploited by a locally authenticated malicious...

9CVSS9.8AI score0.99971EPSS
Exploits13References2
Wiz blog
Wiz blog
added 2025/01/09 2:23 p.m.25 views

CVE-2025-0282 and CVE-2025-0283: Critical Ivanti 0days Exploited in the Wild

Detect and mitigate CVE-2025-0282, a critical RCE vulnerability in Ivanti Connect Secure and CVE-2025-0283, exploited as 0day vulnerabilities in the wild. Organizations should patch urgently...

9CVSS7AI score0.99971EPSS
Exploits13
NVD
NVD
added 2025/01/08 11:15 p.m.22 views

CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges...

7CVSS0.17108EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/08 10:15 p.m.13 views

CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges...

7CVSS7.1AI score0.17108EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2025/01/08 6:13 p.m.35 views

CVE-2025-0282: Ivanti Connect Secure Zero-Day Exploited in the Wild

On Wednesday, January 8, 2025, Ivanti disclosed two CVEs affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the target device. CVE-2025-0283 is ...

9CVSS8.6AI score0.99971EPSS
Exploits13
Circl
Circl
added 2025/01/08 5:54 p.m.12 views

CVE-2025-0283

creationtimestamp| type| source ---|---|--- 2025-01-08 17:54:03+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113794013127839389 2025-01-08 17:55:33+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2025-0005 2025-01-08 18:07:00+00:00| seen|...

7CVSS7AI score0.17108EPSS
Exploits0References71
Ivanti
Ivanti
added 2025/01/08 4:55 p.m.529 views

Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283) 

Update: 21 Jan 2025 Patch Now Available for IPS & ZTA Gateways Summary: Ivanti has released an update that addresses one critical and one high vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways. Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code...

9CVSS8.7AI score0.99971EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2025/01/08 12:0 a.m.19 views

Ivanti Policy Secure 22.x <= 22.7R1.2 Local Privilege Escalation (CVE-2025-0283)

The version of Ivanti Policy Secure installed on the remote host is 22.x prior or equal to 22.7R1.2 Build 1485. It is, therefore, affected by a local privilege escalation vulnerability: - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before...

7CVSS7.8AI score0.17108EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/01/08 12:0 a.m.59 views

Ivanti Connect Secure 9.x / 22.x < 22.7R2.5 Local Privilege Escalation (CVE-2025-0283)

The Ivanti Connect Secure install on the remote host is 9.x, or 22.x prior to 22.7R2.5. It is, therefore, affected by a local privilege escalation vulnerability: - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and...

9CVSS7.8AI score0.99971EPSS
Exploits13References2
Rows per page
Query Builder