Intel Name: Ivanti connect secure vpn targeted in new zero-day exploitation
Date of Scan: January 20, 2025
Impact: High
Summary: On Wednesday, January 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, affecting Ivanti Connect Secure (ICS) VPN appliances. Zero-day exploitation of CVE-2025-0282 has been observed in the wild since mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow that, if successfully exploited, could enable remote code execution without authentication, potentially compromising the victim’s network.