Actively exploited vulnerability

CVE-2025-0282: Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.

CISA KEV source 8 Jan 2025 added 15 Jan 2025 remediation due

Affected product

Ivanti · Connect Secure, Policy Secure, and ZTA Gateways

Known ransomware use: Known

Required action

Follow the source advisory and validate exposure in your environment.

Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Related Yasna coverage

Recent reporting that mentions CVE-2025-0282.