Security News

Cybersecurity news aggregator

CRITICAL Vulnerabilities FortiGuard Threat Signal

Ivanti Connect Secure Zero-Day Vulnerability

Two critical zero-day vulnerabilities, CVE-2025-0282 (CVSS 9.0) and CVE-2025-0283 (CVSS 7.0), affect Ivanti Connect Secure, Policy Secure, and ZTA Gateways, with CVE-2025-0282 being an unauthenticated stack-based buffer overflow leading to remote code execution and already exploited in the wild. Affected versions are Ivanti Connect Secure versions 22.7 and earlier, specifically versions before 9.1 and versions 22.2 through 22.7, with fixed versions being 9.1 and 22.7R2.5 for ICS. Immediate patching to these fixed versions is required, and Ivanti's Integrity Checker Tool should be used to identify any existing exploitation.

What are the Vulnerabilities?

Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. CVE-2025-0282 is an unauthenticated stack-based buffer overflow affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Successful exploitation could result in unauthenticated remote code execution. CVE-2025-0283 is a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a local authenticated attacker to escalate their privileges.

According to a blog post released by Mandiant, Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024.
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation | Google Cloud Blog

In light of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-0282 to the Known Exploited Vulnerabilities (KEV) catalog on January 8, 2025.

Microsoft Threat Intelligence Center reported that in January 2025, Silk Typhoon was also observed exploiting a zero-day vulnerability in the public-facing Ivanti Pulse Connect VPN (CVE-2025-0282).
Silk Typhoon targeting IT supply chain | Microsoft Security Blog

What is the recommended Mitigation?

A patch is available; please refer to the Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283).

The Integrity Checker Tool (ICT), provided by Ivanti to ensure the integrity and security of the entire network infrastructure, can identify exploitation of CVE-2025-0282.

CISA has also provided Mitigation Instructions for CVE-2025-0282: https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282

What FortiGuard Coverage is available?

FortiGuard Labs recommends that users apply the fix provided by the vendor and follow the instructions in the vendor’s advisory.

FortiGuard Labs has blocked all the known malware and related Indicators of Compromise (IOCs) noted in the campaign targeting the Ivanti vulnerability.

FortiGuard Labs has IPS protection available to detect and block any attack attempts targeting the buffer overflow vulnerability in Ivanti Connect Secure (CVE-2025-0282).
Intrusion Prevention | FortiGuard Labs

The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
