Ivanti Connect Secure Zero-Days — CVE-2025-0282 & CVE-2025-0283
Two zero-day vulnerabilities in Ivanti Connect Secure allowed unauthenticated remote code execution before patches were available.
ATT&CK: T1190, T1133
vpn zero-day rce ivanti
Summary
CVE-2025-0282 is a stack-based buffer overflow in Ivanti Connect Secure, Policy Secure, and ZTA Gateways that allows unauthenticated remote code execution. Mandiant reported active exploitation before the January 8 patch release.
Affected Versions
- Ivanti Connect Secure < 22.7R2.5
- Ivanti Policy Secure < 22.7R1.2
- Ivanti Neurons for ZTA < 22.7R2.3
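To apply the thresholds above across an appliance inventory, the following added example (not Ivanti's or the original page's code) parses version strings and compares them numerically, so that a release such as 22.7R2.10 is not mistaken for one older than 22.7R2.5. The product keys, host names, and the assumed version shape (MAJOR.MINOR, "R", RELEASE, optional ".PATCH") are illustrative assumptions.

```python
import re

# First fixed release per product, taken from the Affected Versions list above.
# The dictionary keys are hypothetical labels, not Ivanti identifiers.
FIXED = {
    "connect-secure": "22.7R2.5",
    "policy-secure": "22.7R1.2",
    "neurons-zta": "22.7R2.3",
}

# Assumed version shape: MAJOR.MINOR "R" RELEASE [ "." PATCH ], e.g. 22.7R2.5 or 22.7R1
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Turn '22.7R2.5' into (22, 7, 2, 5); a missing patch level counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def is_affected(product, version):
    """True when the version is older than the first fixed release."""
    return parse_version(version) < parse_version(FIXED[product])

def triage(inventory):
    """Split (host, product, version) rows into hosts to patch and hosts to check by hand."""
    needs_patch, manual = [], []
    for host, product, version in inventory:
        try:
            if is_affected(product, version):
                needs_patch.append(host)
        except (KeyError, ValueError):
            # Unknown product or unparseable version: never assume it is safe.
            manual.append(host)
    return needs_patch, manual

# Constructed sample inventory (host names and versions are made up for the example).
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "connect-secure", "22.7R2.4"),
    ("vpn-edge-02", "connect-secure", "22.7R2.5"),
    ("vpn-edge-03", "connect-secure", "22.7R2.10"),
    ("nac-01", "policy-secure", "22.7R1"),
    ("zta-gw-01", "neurons-zta", "22.7R2.3"),
    ("vpn-lab-01", "connect-secure", "22.7r2.3-build1234"),
]

if __name__ == "__main__":
    patch, manual = triage(SAMPLE_INVENTORY)
    print("patch now:", patch)
    print("check by hand:", manual)
```

A version that falls at or above the threshold only means the fix is installed; it says nothing about whether the appliance was compromised before patching, which is what the Integrity Checker Tool step below addresses.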
Detection
Use Ivanti’s Integrity Checker Tool (ICT) to detect compromise. Run it immediately on any affected appliance.
Response
Apply patches immediately. If compromise is suspected, perform a factory reset before patching. Review authentication logs for anomalous activity in the 30 days prior to patch application.