About:
RedLegg occasionally publishes bulletins on vulnerabilities disclosed outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify at the highest severity level, which warrant out-of-band emergency patching or mitigation.
VULNERABILITIES
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
CVSS Score: 9.0 (Critical)
Identifier: CVE-2025-0282
Exploit or POC: Yes; active exploitation has been observed in the wild.
Update: CVE-2025-0282 – Ivanti Security Advisory
Description: CVE-2025-0282 is a critical stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. The flaw allows an unauthenticated remote attacker to execute arbitrary code on the affected appliance, which can lead to full system compromise. Active exploitation has been observed, with threat actors deploying malware from the SPAWN ecosystem (including SPAWNANT, SPAWNMOLE, and SPAWNSNAIL) as well as the previously undocumented malware families DRYHOOK and PHASEJAM.
Mitigation Recommendation: Patching is currently the only method of mitigation. Update to the fixed software versions listed in the Ivanti Security Advisory; immediate patching is recommended. Because exploitation has already been observed, also run Ivanti's Integrity Checker Tool (ICT) on every appliance before and after upgrading, preferring the external ICT over the on-box one, and treat any device that fails the check as compromised: factory reset it before returning it to production on the patched build.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Local Privilege Escalation Vulnerability
CVSS Score: 7.0 (High)
Identifier: CVE-2025-0283
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2025-0283 – Ivanti Security Advisory
Description: CVE-2025-0283 is a high-severity stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. The flaw allows a locally authenticated attacker to escalate privileges on the appliance, potentially leading to unauthorized access to and control over the affected system.
Mitigation Recommendation: Patching is currently the only method of mitigation. The same fixed releases listed in the Ivanti Security Advisory for CVE-2025-0282 also address CVE-2025-0283, so updating to those versions closes both issues; immediate patching is recommended to prevent potential exploitation.
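Both mitigation recommendations above reduce to one operational question: which appliances in the fleet are still running a build older than the fix? The script below is an added example written for this bulletin; it is not RedLegg's or Ivanti's code. It parses Ivanti's "major.minorRrelease.patch" version strings (for example 22.7R2.4, where the trailing patch number may be absent) and compares each inventoried device against the fixed version. The only real version it embeds is Ivanti Connect Secure 22.7R2.5, the fix Ivanti published for these CVEs; the Policy Secure and ZTA Gateway entries are left for you to fill in from the advisory, and the hostnames and running versions in INVENTORY are constructed sample data. The comparison is deliberately conservative: anything below the fixed version, including older branches, is flagged for attention.

```python
import re
from typing import NamedTuple, Optional


class IvantiVersion(NamedTuple):
    """Numeric form of an Ivanti version string such as 22.7R2.4."""
    major: int
    minor: int
    release: int
    patch: int


# Ivanti versions look like 22.7R2 or 22.7R2.4; the final ".patch" is optional.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> IvantiVersion:
    """Parse an Ivanti version string into a comparable tuple.

    A missing patch component is treated as 0, so 22.7R2 sorts below 22.7R2.1.
    Raises ValueError for strings that do not match the Ivanti format.
    """
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, patch = match.groups()
    return IvantiVersion(int(major), int(minor), int(release), int(patch or 0))


# Fixed versions per product. Connect Secure 22.7R2.5 is the release Ivanti
# published for CVE-2025-0282 / CVE-2025-0283. The other two products are
# placeholders (None) to be filled in from the Ivanti Security Advisory.
FIXED_VERSIONS = {
    "Connect Secure": "22.7R2.5",
    "Policy Secure": None,
    "ZTA Gateway": None,
}


def needs_update(product: str, running: str) -> Optional[bool]:
    """Return True if the running version is below the fix for this product.

    Returns None when the product has no fixed version recorded yet, so the
    caller can route it to manual review instead of silently passing it.
    """
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return None
    return parse_version(running) < parse_version(fixed)


# Constructed sample inventory (hostname, product, running version); these are
# not real hosts. 22.7R2.6 is a hypothetical later build used to show the
# "already past the fix" path.
INVENTORY = [
    ("vpn-ams-01", "Connect Secure", "22.7R2.4"),
    ("vpn-ams-02", "Connect Secure", "22.7R2.5"),
    ("vpn-sfo-01", "Connect Secure", "22.7R2"),
    ("vpn-lab-01", "Connect Secure", "22.7R2.6"),
    ("nac-ams-01", "Policy Secure", "22.7R1.2"),
    ("vpn-bad-01", "Connect Secure", "unknown"),
]


def triage(inventory):
    """Classify each device as 'patch', 'ok', or 'review'.

    'review' covers products without a recorded fix and version strings that
    could not be parsed; both need a human rather than a green tick.
    """
    results = []
    for host, product, version in inventory:
        try:
            flag = needs_update(product, version)
        except ValueError:
            flag = None
        status = "review" if flag is None else ("patch" if flag else "ok")
        results.append((host, product, version, status))
    return results


def hosts_to_patch(inventory):
    """Hostnames that must be upgraded (and ICT-checked) immediately."""
    return [host for host, _, _, status in triage(inventory) if status == "patch"]


if __name__ == "__main__":
    for host, product, version, status in triage(INVENTORY):
        print(f"{host:12} {product:15} {version:10} {status}")
```

Feed the script your real inventory export in place of INVENTORY and treat every "patch" host as a candidate for compromise, not just an upgrade: run the ICT on it first, as the mitigation text above describes. Devices reported as "review" should not be marked compliant until their product's fixed version has been filled in from the advisory.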