skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Ivanti Issues Advisory for Critical Vulnerabilities in Connect Secure

/ 1 min read

🛡️‍💻 Ivanti issues security advisory for critical vulnerabilities in Connect Secure. On January 8, 2025, Ivanti announced two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, affecting its Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282, a remote unauthenticated stack-based buffer overflow, has been actively exploited, allowing attackers to achieve remote code execution (RCE) with limited privileges. The advisory noted that while CVE-2025-0283, a local privilege escalation vulnerability, was patched simultaneously, there are no known exploits for it. Security firm watchTowr provided insights into the exploitation strategy, revealing that RCE could be achieved through brute-forcing address guessing, taking approximately 30 minutes in testing. The vulnerabilities pose significant risks, particularly for enterprise environments relying on Ivanti’s SSL VPN solutions.

Source
{entry.data.source.title}
Original