Critical Ivanti Connect Secure zero-day flaw under attack
searchsecurity.techtarget.com
Although Ivanti has seen exploitation of CVE-2025-0282 in only Ivanti Connect Secure instances, Ivanti Policy Secure and ZTA gateways are also vulnerable to the flaw.
- Alexander Culafi, Senior News Writer
A critical vulnerability that affects Ivanti's Connect Secure, Policy Secure and ZTA gateways products is under attack, the network security vendor disclosed Wednesday.
The vulnerability, tracked as CVE-2025-0282, is a stack-based buffer overflow that received a 9.0 CVSS score. The zero-day flaw affects Ivanti Connect Secure versions prior to 22.7R2.5, Ivanti Policy Secure versions prior to 22.7R1.2, and Ivanti Neurons for ZTA gateways versions prior to 22.7R2.3. According to an Ivanti security advisory published Wednesday, the flaw "allows a remote unauthenticated attacker to achieve remote code execution."
Ivanti also disclosed CVE-2025-0283, a stack-based buffer overflow vulnerability that affects the same versions of Ivanti's products ...