Ivanti Zero-Day [CVE-2025-0282 & CVE-2025-0283] Ingrid Connect Secure, Policy Secure, and ZTA Gateways from Ivanti have two stack-based buffer overflow vulnerabilities: CVE-2025-0282 This can be used by threat actors to gain remote code execution. Listed as CISA-KEV, indicating that this is actively being exploited. CVE-2025-0283 – This could allow a local authenticated attacker to escalate privileges. What To Do Ivanti released a patch for both of these vulnerabilities. They recommend using their Integrity Checking Tool to look for signs of compromise. Any signs of compromise require a factory reset before upgrading to the latest secure version. Resources Ivanti, “Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283)” NIST NVD, “CVE-2025-0282 Detail” NIST NVD, “CVE-2025-0283 Detail” January 16, 2025: Published. Related articles Ivanti Zero-Day [CVE-2025-0282 & CVE-2025-0283] – January 16, 2025 Findings: Vulnerability Detection Running a Risk Remediation Plan What Content-Security-Policy (CSP) Directives are Assessed? My Subsidiary Subscriptions Feedback 0 comments Please sign in to leave a comment.