10 matches found
Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways
Updated April 8, 2025 CISA updated these mitigations based on identification of a new malware variant called RESURGE that could undermine the effectiveness of the mitigations previously provided. For more information on RESURGE, see MAR-25993211.R1.V1.CLEAR and CISA Releases Malware Analysis Repo...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. The first vulnerability CVE-2025-0282 can be exploited by malicious parties to execute arbitrary code remotely without authentication. The second vulnerability CVE-2025-0283 can be exploited by a locally authenticated malicious...
CVE-2025-0282 and CVE-2025-0283: Critical Ivanti 0days Exploited in the Wild
Detect and mitigate CVE-2025-0282, a critical RCE vulnerability in Ivanti Connect Secure and CVE-2025-0283, exploited as 0day vulnerabilities in the wild. Organizations should patch urgently...
CVE-2025-0283
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges...
CVE-2025-0283
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges...
CVE-2025-0282: Ivanti Connect Secure Zero-Day Exploited in the Wild
On Wednesday, January 8, 2025, Ivanti disclosed two CVEs affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the target device. CVE-2025-0283 is ...
CVE-2025-0283
creationtimestamp| type| source ---|---|--- 2025-01-08 17:54:03+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113794013127839389 2025-01-08 17:55:33+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2025-0005 2025-01-08 18:07:00+00:00| seen|...
Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283)
Update: 21 Jan 2025 Patch Now Available for IPS & ZTA Gateways Summary: Ivanti has released an update that addresses one critical and one high vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways. Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code...
Ivanti Policy Secure 22.x <= 22.7R1.2 Local Privilege Escalation (CVE-2025-0283)
The version of Ivanti Policy Secure installed on the remote host is 22.x prior or equal to 22.7R1.2 Build 1485. It is, therefore, affected by a local privilege escalation vulnerability: - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before...
Ivanti Connect Secure 9.x / 22.x < 22.7R2.5 Local Privilege Escalation (CVE-2025-0283)
The Ivanti Connect Secure install on the remote host is 9.x, or 22.x prior to 22.7R2.5. It is, therefore, affected by a local privilege escalation vulnerability: - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and...