
Warning: Critical and High Buffer Overflow in Ivanti Connect Secure, Policy Secure and Neurons, Patch Immediately!

Reference:
Advisory #2025-008
Version:
1.0
Affected software:
Ivanti Connect Secure before version 22.7R2.5
Ivanti Policy Secure before version 22.7R1.2
Ivanti Neurons for ZTA gateways before version 22.7R2.3
Type: 
Buffer Overflow
CVE/CVSS: 

CVE-2025-0282
CVSS 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVE-2025-0283
CVSS 7.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Sources

Risks

Ivanti Connect Secure is a secure remote access solution that provides VPN and secure application access for users, enabling them to safely connect to corporate networks from anywhere.
Ivanti Policy Secure is a network access control (NAC) solution that enforces security policies for user devices, ensuring only compliant and trusted devices can access corporate resources.
Ivanti Neurons for Zero Trust Architecture (ZTA) Gateways dynamically enforces adaptive security policies and provides secure access to applications based on contextual factors like identity and device posture.

The first zero-day vulnerability (CVE-2025-0282) has already been actively exploited in the wild. It is unknown whether the second one (CVE-2025-0283) has been exploited.
Both vulnerabilities have a high impact on confidentiality, integrity and availability.

Description

Both vulnerabilities stem from a stack-based buffer overflow.
If abused, CVE-2025-0282 can allow a remote, unauthenticated attacker to achieve remote code execution.
If abused, CVE-2025-0283 allows a local, authenticated attacker to escalate their privileges.
Running Ivanti's Integrity Checker Tool (ICT) can reveal whether exploitation has taken place.

Recommended actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Ivanti has addressed this issue in version 22.7R2.5, and users are strongly advised to update to this version to mitigate the risk.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/nl/cert/een-incident-melden.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References