Security Patch Released for Ivanti Connect Secure SSL VPN Appliances
Vulnerabilities Addressed in Latest Update
IT software provider Ivanti has released patches for its Connect Secure SSL VPN appliances to address two memory corruption vulnerabilities, one of which has already been exploited in the wild as a zero-day to compromise devices.
Exploited Vulnerability: CVE-2025-0282
The exploited vulnerability, tracked as CVE-2025-0282, is a stack-based buffer overflow rated as critical with a CVSS score of 9.0. This flaw can be exploited without authentication to achieve remote code execution and impacts Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways.
Second Vulnerability: CVE-2025-0283
The second vulnerability, CVE-2025-0283, is also a stack-based buffer overflow in the same products, but exploiting it requires authentication and it can only lead to privilege escalation. It is rated as high severity with a CVSS score of 7.0.
What You Need to Know
- The vulnerabilities are present in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways.
- CVE-2025-0282 is rated as critical with a CVSS score of 9.0, allowing remote code execution without authentication.
- CVE-2025-0283 is rated as high severity with a CVSS score of 7.0, requiring authentication and leading to privilege escalation.
- Patches are available for download from Ivanti’s website.
Conclusion
Ivanti’s patches for its Connect Secure SSL VPN appliances address both identified vulnerabilities. All users of these products should apply the updates as soon as possible: CVE-2025-0282 has already been exploited in the wild as a zero-day, and devices left unpatched may remain vulnerable to exploitation.
FAQs
What is the impact of the vulnerabilities?
* CVE-2025-0282 can lead to remote code execution without authentication, while CVE-2025-0283 can lead to privilege escalation with authentication.
What products are affected by the vulnerabilities?
* Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways.
How can I get the patches?
* Patches are available for download from Ivanti’s website.
What is the CVSS score for each vulnerability?
* CVE-2025-0282: 9.0
* CVE-2025-0283: 7.0