VDB
CVE-2025-0282
CVE-2025-0282
PUBLISHED
KEV
Es besteht eine Schwachstelle in Ivanti Connect Secure und Ivanti Policy Secure aufgrund eines stapelbasierten Pufferüberlaufproblems. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen.
EPSS 94.13% · 99.9th percentile
Risk Scores
EPSS Score
94.13%
99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Ivanti Policy Secure =<22.7R1.2 | |
| Ivanti | Ivanti Connect Secure <22.7R2.5 |
Timeline
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jun 10, 2021 CrowdSec Sighting
- Aug 12, 2021 CrowdSec Sighting
- Oct 21, 2021 CrowdSec Sighting
- Jun 15, 2022 CrowdSec Sighting
- Sep 24, 2022 CrowdSec Sighting
- Nov 8, 2022 CrowdSec Sighting
- Nov 10, 2022 CrowdSec Sighting
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0029.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0029 advisory
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 advisory
- https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways advisory