REDLEGG BLOG

Emergency Security Bulletin: Multiple Vulnerabilities affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways

1/9/25 10:20 AM  |  by RedLegg's Cyber Threat Intelligence Team

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.


VULNERABILITIES

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

CVSS Score: 9.0 (Critical)
Identifier: CVE-2025-0282
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2025-0282 – Ivanti Security Advisory

Description: CVE-2025-0282 is a critical stack-based buffer overflow in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. It is reachable by an unauthenticated remote attacker and allows arbitrary code execution on the appliance, which in practice means full compromise of an edge device that terminates VPN and access-policy traffic. Active exploitation has been observed in the wild: threat actors have been deploying the SPAWN malware ecosystem (components such as SpawnAnt, SpawnMole, and SpawnSnail) as well as the previously undocumented malware families DRYHOOK and PHASEJAM on compromised devices.

Mitigation Recommendation: Patching is currently the only method of mitigation; no configuration workaround exists. Update to the fixed software versions listed in the Ivanti Security Advisory. Because exploitation began before the patch was available, Ivanti also recommends running the Integrity Checker Tool (ICT) against every appliance, and an appliance that shows signs of compromise should be factory reset before the fixed version is installed rather than upgraded in place. Immediate patching is recommended to prevent further exploitation.


Ivanti Connect Secure, Policy Secure, and ZTA Gateways Local Privilege Escalation Vulnerability

CVSS Score: 7.0 (High)
Identifier: CVE-2025-0283
Exploit or POC: No known public proof of concept has been reported. 
Update: CVE-2025-0283 – Ivanti Security Advisory

Description: CVE-2025-0283 is a high-severity stack-based buffer overflow in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. Unlike CVE-2025-0282 it requires local authenticated access, but it allows that attacker to escalate privileges on the appliance, potentially leading to unauthorized access and control over the affected systems.

Mitigation Recommendation: Patching is currently the only method of mitigation; no configuration workaround exists. The fixed builds are the same ones that address CVE-2025-0282, as listed in the Ivanti Security Advisory, so a single upgrade closes both issues. Immediate patching is recommended to prevent potential exploitation.
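Both vulnerabilities above are closed by the same fixed builds, so the practical first step is a version gate over the appliance inventory. The script below is an added example written for this bulletin, not RedLegg or Ivanti code. It parses Ivanti's `<major>.<minor>R<release>[.<patch>]` version notation, compares each appliance against a fixed version per product, and flags anything older or unparsable. The fixed versions in `FIXED_VERSIONS`, the product names, and the sample inventory are assumptions for the example; confirm the fixed versions against the Ivanti Security Advisory before acting on the output.

```python
"""Version-gate check for the Ivanti fixes referenced in this bulletin (added example)."""
import re
from typing import NamedTuple

# ASSUMPTION for this example: fixed builds per product. Confirm against the
# Ivanti Security Advisory for CVE-2025-0282 / CVE-2025-0283 before relying on them.
FIXED_VERSIONS = {
    "Connect Secure": "22.7R2.5",
    "Policy Secure": "22.7R1.2",
    "ZTA Gateways": "22.7R2.3",
}

# Ivanti versions look like 22.7R2.4: <major>.<minor>R<release>[.<patch>]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


class Version(NamedTuple):
    major: int
    minor: int
    release: int
    patch: int


def parse_version(text: str) -> Version:
    """Parse an Ivanti version string; a missing patch component counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, patch = m.groups()
    return Version(int(major), int(minor), int(release), int(patch or 0))


def needs_patch(product: str, version: str) -> bool:
    """True when the appliance runs anything older than the fixed build for its product."""
    return parse_version(version) < parse_version(FIXED_VERSIONS[product])


def triage(inventory):
    """Return (host, product, version, action) for appliances that still need attention."""
    findings = []
    for host, product, version in inventory:
        try:
            if needs_patch(product, version):
                findings.append((host, product, version, f"upgrade to {FIXED_VERSIONS[product]}"))
        except (KeyError, ValueError) as exc:
            # Unknown product or unparsable version: surface it instead of silently passing.
            findings.append((host, product, version, f"REVIEW MANUALLY: {exc}"))
    return findings


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("vpn-01.example.internal", "Connect Secure", "22.7R2.4"),
    ("vpn-02.example.internal", "Connect Secure", "22.7R2.5"),
    ("nac-01.example.internal", "Policy Secure", "22.7R1"),
    ("zta-01.example.internal", "ZTA Gateways", "22.7R2.3"),
    ("vpn-legacy.example.internal", "Connect Secure", "9.1R18.9"),
    ("odd-box.example.internal", "Connect Secure", "build-unknown"),
]

if __name__ == "__main__":
    for host, product, version, action in triage(SAMPLE_INVENTORY):
        print(f"{host:30} {product:15} {version:14} -> {action}")
```

The comparison is a plain tuple comparison, so `9.1R18.9` sorts below `22.7R2.5` and is flagged; that is deliberate, since an end-of-life train needs an upgrade regardless. A version string that does not parse is reported for manual review rather than treated as patched, which is the failure mode you want in a triage tool. Passing the version gate does not prove the appliance is clean: a device that was exploited before the fix was applied still needs the ICT run and, if indicated, a factory reset.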
