CVE-2025-0282
RCE CISA KEV Active
Title: Ivanti Neurons For Zero-Trust Access RCE
Memory Corruption
Proof Of Concept
PoC Available for CVE-2025-0282
CWE Category: CWE-787
Published Date: Jan 08, 2025
Modified Date: Oct 24, 2025
Exploit Status: Available
Score: 9.0 (CVSS v3.1)
Exploit Probability (EPSS): 94.13%
Vulnerability Summary
CVE-2025-0282: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Impacted Vendors
Reference Links
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282
https://github.com/sfewer-r7/CVE-2025-0282
https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0282
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-0282
CVSS v3.1
Source Entity: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Severity: CRITICAL (9.0)
Attack Vector: NETWORK
Complexity: HIGH
Privileges: N/A
Interaction: NONE
Confidentiality: N/A
Integrity: N/A
Availability: N/A
Scope: CHANGED
Raw Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS v3.1
Source Entity: [email protected]
Severity: CRITICAL (9.0)
Attack Vector: NETWORK
Complexity: HIGH
Privileges: N/A
Interaction: NONE
Confidentiality: N/A
Integrity: N/A
Availability: N/A
Scope: CHANGED
Raw Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Associated Attack Patterns (CAPEC)
No specific attack patterns mapped.
CVE-2025-0282 Exploits & PoCs (Proof Of Concept)
MODIFIED: Vulnerability data or affected products updated.
MODIFIED: Vulnerability data updated via NVD.
PUBLISHED: Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector: NETWORK
Complexity: HIGH
Privileges: N/A
Interaction: NONE
CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Stack
No specific products linked.