CVE-2025-0282 — Ivanti Connect Secure, Policy Secure, and ZTA Gateways

known ransomware use

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Added to KEV

2025-01-08

Federal due date

2025-01-15

Vendor

Ivanti

Product

Connect Secure, Policy Secure, and ZTA Gateways

EPSS

99.9th percentile (score 0.941, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Known

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2025-0282

CISA short description

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.

Required action

Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.