VDB
CVE-2025-0283
CVE-2025-0283
PUBLISHED
Es besteht eine Schwachstelle in Ivanti Connect Secure und Ivanti Policy Secure aufgrund eines stapelbasierten Pufferüberlaufproblems. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte zu erlangen.
EPSS 45.11% · 97.6th percentile
Risk Scores
EPSS Score
45.11%
97.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Ivanti Connect Secure <22.7R2.5 | |
| Ivanti | Ivanti Policy Secure =<22.7R1.2 |
Timeline
- Jan 6, 2025 CVE ID Reserved
- Jan 8, 2025 PoC Published
- Jan 8, 2025 PoC Published
- Jan 8, 2025 PoC Published
- Jan 8, 2025 PoC Published
- Jan 8, 2025 PoC Published
- Jan 8, 2025 PoC Published
- Jan 8, 2025 PoC Published
- Jan 8, 2025 PoC Published
- Jan 8, 2025 PoC Published
- Jan 8, 2025 PoC Published
- Jan 8, 2025 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0029.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0029 advisory
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 advisory
- https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways advisory