Ivanti has released patches to address two significant vulnerabilities in its Ivanti Connect Secure, Policy Secure, and ZTA Gateways products. These Ivanti vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283, pose serious risks to users of affected versions, with CVE-2025-0282 being classified as critical.
Exploitation of these vulnerabilities could lead to severe security breaches, including remote code execution and privilege escalation. Ivanti has issued a patch to address these issues, and customers are strongly encouraged to apply the update immediately.
Ivanti Vulnerabilities Overview
Two distinct vulnerabilities have been identified:
CVE-2025-0282 (Critical)
A stack-based buffer overflow vulnerability in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA Gateways before specific versions allows a remote unauthenticated attacker to execute arbitrary code on the affected systems. This vulnerability is particularly dangerous due to the ease with which an attacker can exploit it remotely, without needing authentication.
- CVSS Score: 9.0 (Critical)
- CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- CWE: CWE-121
CVE-2025-0283 (High)
This vulnerability also involves a stack-based buffer overflow in the same Ivanti products but allows a local authenticated attacker to escalate their privileges. This could allow the attacker to gain higher-level system access than initially permitted. While it does not present the same immediate risk as CVE-2025-0282, it still poses a significant threat to organizations where local access is available.
- CVSS Score: 7.0 (High)
- CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-121
Impact and Exploitation
At the time of disclosure, Ivanti confirmed that a limited number of Ivanti Connect Secure appliances had been compromised by CVE-2025-0282. However, no such incidents have been reported for Ivanti Policy Secure or ZTA Gateways, and no exploitation of CVE-2025-0283 has been detected as of now. Despite this, it is crucial for all users to apply the patches to mitigate any potential risks.
Ivanti recommends that customers use the Integrity Checker Tool (ICT) to identify any signs of compromise related to CVE-2025-0282. This tool can help detect the presence of this vulnerability and ensure the integrity of the network infrastructure.
Affected Products and Versions
The vulnerabilities affect the following Ivanti products and versions:
| Product | Affected Version(s) | Resolved Version(s) | Patch Availability |
|---|---|---|---|
| Ivanti Connect Secure | 22.7R2 through 22.7R2.4 | 22.7R2.5 | Available Now via Ivanti Portal |
| Ivanti Policy Secure | 22.7R1 through 22.7R1.2 | 22.7R1.2 (fix planned) | Available January 21, 2025 |
| Ivanti Neurons for ZTA Gateways | 22.7R2 through 22.7R2.3 | 22.7R2.5 (fix planned) | Available January 21, 2025 |
Ivanti users should apply the relevant patches as soon as possible to secure their environments. For Ivanti Connect Secure users, the fix for CVE-2025-0282 and CVE-2025-0283 is already available for download. The fixes for Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways are expected to be released by January 21, 2025.
Security Recommendations and Mitigation
- Ivanti Connect Secure Users
- Clean ICT Scan: If the Integrity Checker Tool (ICT) shows no signs of compromise, upgrade to Ivanti Connect Secure version 22.7R2.5 immediately. It is also recommended to perform a factory reset on the appliance after the upgrade to ensure that no malware persists. Continue to monitor both internal and external ICT scans to detect potential vulnerabilities.
- Compromised ICT Scan: If ICT results show signs of exploitation, perform a factory reset of the appliance to remove any malicious activity. Afterward, upgrade to Ivanti Connect Secure 22.7R2.5 and continue to monitor for further anomalies.
- Ivanti Policy Secure Users
- Ivanti Policy Secure is not designed to be internet-facing, which significantly reduces the risk of exploitation. However, Ivanti still recommends that users apply the forthcoming patch, expected by January 21, 2025. Ensure that the IPS appliance is properly configured according to Ivanti’s security guidelines, and avoid exposing it to the internet.
- Ivanti Neurons for ZTA Gateways Users
- ZTA Gateways cannot be exploited when in production. However, if a gateway is generated and left unconnected to the ZTA controller, exploitation risks increase. The fix for ZTA Gateways will be available by January 21, 2025, and users should apply it promptly to prevent potential exploitation.
Integrity Checker Tool (ICT) Update
A new version of Ivanti’s Integrity Checker Tool (ICT-V22725, build 3819) was released on January 10, 2025, and is designed to work with all R2 versions of 22.X. This version of ICT resolves previous limitations and works across all relevant versions.
It is an essential tool for detecting signs of exploitation and ensuring that systems are secure after applying the patches.
Conclusion
Ivanti’s swift action in releasing patches for CVE-2025-0282 and CVE-2025-0283 marks a decisive move in safeguarding against serious security risks, such as remote code execution and privilege escalation. While Ivanti Connect Secure users are already protected, those relying on Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways can expect critical updates by January 21, 2025.
However, it’s not just about waiting for patches — it’s about proactive vigilance. With these vulnerabilities exposing businesses to potential exploits, it’s crucial for users to apply updates immediately and continuously monitor their network health using tools like the Integrity Checker Tool (ICT).
By combining timely patching with a strong, layered cybersecurity approach, organizations can enhace their defenses and significantly reduce the risk of a breach.
Security isn’t just about reacting; it’s about staying ahead.
