📦

neurons_for_zero-trust_access

Vendor: ivanti

Login to add this product to WatchStack
Actively Exploited 2 CISA KEV List
PoC / Exploits 2 Code Available
Total RCEs 0 Remote Access
Total CVEs 7 Total Indexed
Avg. EPSS 49.78% Exploit Prob.
Latest CVE CVE-2025-0283 Jan 08

Security Vulnerability Index

Page 1 / 1
7.0 CVSS
CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

EPSS: 41.16%
Critical Target
9.0 CVSS
CVE-2025-0282
Exploit Found

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

EPSS: 94.13%
Critical Target
8.2 CVSS
CVE-2024-21893
Exploit Found

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

EPSS: 94.32%
7.5 CVSS
CVE-2022-35258

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

EPSS: 9.64%
7.5 CVSS
CVE-2022-35254

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

EPSS: 9.64%