Critical Security Flaw in Ivanti Connect Secure, Policy Secure, and ZTA Gateways
Ivanti Warns of Critical Security Flaw in Products
Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has been under active exploitation in the wild since mid-December 2024.
Security Vulnerability Details
The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3.
Potential Risks
"Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code execution," Ivanti said in an advisory. "The Ivanti Neurons ZTA gateways cannot be exploited when in production," the company said. "If a gateway for this solution is generated and left unconnected to a ZTA controller, then there is a risk of exploitation on the generated gateway."
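For defenders triaging an appliance inventory against the fixed versions listed above, the following is an added example, not code from Ivanti or from the original article. It assumes version strings take the `major.minorRrelease.patch` form used in the advisory, and the hostnames and inventory rows are constructed.

```python
import re

# Fixed versions exactly as stated in the article; anything earlier is flagged.
FIXED = {
    "connect secure": "22.7R2.5",
    "policy secure": "22.7R1.2",
    "neurons for zta": "22.7R2.3",
}

_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Turn '22.7R2.5' into (22, 7, 2, 5); a missing patch level counts as 0."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def triage(inventory):
    """Return one (host, status, note) per row: 'review', 'ok' or 'unknown'."""
    findings = []
    for host, product, version in inventory:
        fixed = FIXED.get(product.lower())
        try:
            if fixed is None:
                raise ValueError(f"unknown product: {product!r}")
            below = parse_version(version) < parse_version(fixed)
            status = "review" if below else "ok"
            note = f"fixed in {fixed}"
            if below and product.lower() == "neurons for zta":
                note += "; exploitable only if not connected to a ZTA controller"
        except ValueError as exc:
            status, note = "unknown", str(exc)  # never silently pass bad data
        findings.append((host, status, note))
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("vpn-a.example.test", "Connect Secure", "22.7R2.4"),
    ("vpn-b.example.test", "Connect Secure", "22.7R2.5"),
    ("nac-a.example.test", "Policy Secure", "22.7R1"),
    ("zta-a.example.test", "Neurons for ZTA", "22.7R2.2"),
    ("vpn-c.example.test", "Connect Secure", "22.7 build 3431"),
]

if __name__ == "__main__":
    for host, status, note in triage(SAMPLE):
        print(f"{host:22} {status:8} {note}")
```

Rows that cannot be parsed are reported as `unknown` rather than `ok`, so a malformed inventory entry is never mistaken for a patched appliance.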
Exposure Data
Data from Censys shows that there are 33,219 exposed Ivanti Connect Secure instances, although not all of them are necessarily vulnerable. Most of the instances are located in the U.S., Japan, Germany, France, the U.K., Taiwan, Spain, the Netherlands, South Korea, and China.
Likely Vulnerable Instances
Per the Shadowserver Foundation, there are 2,048 likely vulnerable instances worldwide as of January 9, 2024, with a majority of them in the U.S., France, Spain, the U.K., and Taiwan.
Additional Technical Details
In a related development, cybersecurity company watchTowr has released additional technical specifics about CVE-2025-0282, describing it as a "legit pre-authentication stack-based buffer overflow, present in the default configuration."