clayton@site:~/news$ cat cve-2025-0282-ivanti-connect-secure-policy-secure-and-zta-gateways.log

CVE-2025-0282 — Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

2025-01-08 • CISA Known Exploited Vulnerability

[event] Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.

> AFFECTED SOFTWARE

Field	Value
Vendor	Ivanti
Product	Connect Secure, Policy Secure, and ZTA Gateways
CWE	CWE-121
CVE ID	CVE-2025-0282
Date Added	2025-01-08
Due Date	2025-01-15
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Due Date: 2025-01-15

> REFERENCES

[1] https://www.cisa.gov/cisa-mitigation-instructions-CVE-2025-0282
[2] https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Poli...
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-0282