Ivanti Zero-Day [CVE-2025-0282 & CVE-2025-0283] – January 16, 2025 Ingrid Connect Secure, Policy Secure, and ZTA Gateways from Ivanti have two stack-based buffer overflow vulnerabilities: CVE-2025-0282 This can be used by threat actors to gain remote code execution. Listed as CISA-KEV, indicating that this is actively being exploited. CVE-2025-0283 – This could allow a local authenticated attacker to escalate privileges. Ivanti has stated that they are not aware of any instances of CVE-2025-0283 being exploited. This is likely due to CVE-2025-0283 requiring local privileges, while CVE-2025-0282 does not. See the resource center. Status 09-JAN-2025 – Investigation began, completed a Proof of Concept (PoC), and initiated a full scan so that vulnerability data surrounding these vulnerabilities can be ingested into Bitsight repositories. Related articles Ivanti Zero-Day [CVE-2025-0282 & CVE-2025-0283] SonicWall Untrusted Data Pre-authentication Deserialization [CVE-2025-23006] – January 24, 2025 GET: Assets What is a Finding Lifetime? The Bitsight Security Ratings' Correlation to Ransomware Feedback 0 comments Please sign in to leave a comment.