CVE-2025-0283

high-risk

Published 2025-01-08

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

Do I need to act?

45.1% chance of exploitation in next 30 days

EPSS score — higher than 55% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (20)

Connect Secure

Affected Vendors

Ivanti

References (1)

Vendor Advisory https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Poli...

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 17/34 · Moderate

Exposure 29/34 · Critical