
Cloud Vulnerability DB
A community-led vulnerabilities database
A stack-based buffer overflow vulnerability identified as CVE-2025-0283 affects multiple Ivanti products including Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3. The vulnerability was disclosed on January 8, 2025 (Ivanti Advisory).
The vulnerability is classified as a stack-based buffer overflow (CWE-121) that allows a local authenticated attacker to escalate their privileges. It has been assigned a CVSS v3.1 base score of 7.0 (High) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, Ivanti Advisory).
If successfully exploited, this vulnerability allows an authenticated attacker to escalate their privileges on the affected system, potentially gaining full control over the compromised device (Wiz Blog).
Ivanti has released patches to address this vulnerability. For Ivanti Connect Secure, users should upgrade to version 22.7R2.5. Ivanti Policy Secure users should upgrade to version 22.7R1.3, and Ivanti Neurons for ZTA Gateways users should upgrade to version 22.8R2. Ivanti recommends using their Integrity Checker Tool (ICT) to identify any suspicious activity and performing a factory reset before applying the patch (Ivanti Advisory).
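The affected-version thresholds and upgrade targets above can be applied to an appliance inventory as follows. This is an added example, not code from Ivanti or from this database; it assumes version strings of the form `22.7R2.5` order numerically by each component, and the hostnames and installed versions in the sample are constructed.

```python
import re

# product -> (affected if installed version is before this, stated upgrade target),
# both values taken from the advisory text above.
PRODUCTS = {
    "Ivanti Connect Secure": ("22.7R2.5", "22.7R2.5"),
    "Ivanti Policy Secure": ("22.7R1.2", "22.7R1.3"),
    "Ivanti Neurons for ZTA": ("22.7R2.3", "22.8R2"),
}
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

def parse_version(text):
    """Turn '22.7R2.5' into (22, 7, 2, 5); a missing patch level counts as 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def triage(product, version):
    """Return 'affected', 'not affected' or 'unknown' for one appliance."""
    if product not in PRODUCTS:
        return "unknown"
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown"  # never report an unparsable version as safe
    # Tuple comparison is numeric per component, so R2.10 sorts after R2.5.
    limit = parse_version(PRODUCTS[product][0])
    return "affected" if current < limit else "not affected"

def report(inventory):
    """Map each (host, product, version) row to (host, status, upgrade target)."""
    rows = []
    for host, product, version in inventory:
        status = triage(product, version)
        target = PRODUCTS[product][1] if status == "affected" else None
        rows.append((host, status, target))
    return rows

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("vpn-a.example", "Ivanti Connect Secure", "22.7R2.4"),
    ("vpn-b.example", "Ivanti Connect Secure", "22.7R2.10"),
    ("nac-a.example", "Ivanti Policy Secure", "22.7R1.1"),
    ("vpn-c.example", "Ivanti Connect Secure", "22.7R2.10-beta"),
]
```

Rows reported as `unknown` need manual review rather than being treated as patched.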
Source: This report was generated using AI