cve/2025/CVE-2025-0282.md

### [CVE-2025-0282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0282)
![](https://img.shields.io/static/v1?label=Product&message=Connect%20Secure&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Neurons%20for%20ZTA%20gateways&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Policy%20Secure&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=22.7R1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=22.7R2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brightgreen)

### Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

### POC

#### Reference
- https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
- https://github.com/sfewer-r7/CVE-2025-0282
- https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/

#### Github
- https://github.com/0xAtef/0xAtef.github.io
- https://github.com/0xMarcio/cve
- https://github.com/0xor0ne/awesome-list
- https://github.com/20142995/nuclei-templates
- https://github.com/44xo/CVE-2025-0282
- https://github.com/AdaniKamal/CVE-2025-0282
- https://github.com/AnonStorks/CVE-2025-0282-Full-version
- https://github.com/B1ack4sh/Blackash-CVE-2025-0282
- https://github.com/GhostTroops/TOP
- https://github.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser
- https://github.com/Hexastrike/Ivanti-Secure-Connect-Logs-Parser
- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2
- https://github.com/Nop3z/IOTsec-all-in-one
- https://github.com/Ostorlab/KEV
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/SHW0331/cvegg
- https://github.com/Threekiii/CVE
- https://github.com/absholi7ly/CVE-2025-0282-Ivanti-exploit
- https://github.com/almanatra/CVE-2025-0282
- https://github.com/bachkhoasoft/awesome-list-ks
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/cyberdyne-ventures/predictions
- https://github.com/dev-chenxing/repos
- https://github.com/megabyte-b/Project-Ares
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/opendr-io/causality
- https://github.com/packetinside/CISA_BOT
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/punitdarji/Ivanti-CVE-2025-0282
- https://github.com/rxwx/pulse-meter
- https://github.com/sfewer-r7/CVE-2025-0282
- https://github.com/ums91/CISA_BOT
- https://github.com/watchtowrlabs/CVE-2025-0282
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2025-0282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0282)`
			`![](https://img.shields.io/static/v1?label=Product&message=Connect%20Secure&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Neurons%20for%20ZTA%20gateways&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Policy%20Secure&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=22.7R1%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=22.7R2%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brightgreen)`

			`### Description`

			`A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.`

			`### POC`

			`#### Reference`
			`- https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day`
			`- https://github.com/sfewer-r7/CVE-2025-0282`
			`- https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/`

			`#### Github`
			`- https://github.com/0xAtef/0xAtef.github.io`
			`- https://github.com/0xMarcio/cve`
			`- https://github.com/0xor0ne/awesome-list`
			`- https://github.com/20142995/nuclei-templates`
			`- https://github.com/44xo/CVE-2025-0282`
			`- https://github.com/AdaniKamal/CVE-2025-0282`
			`- https://github.com/AnonStorks/CVE-2025-0282-Full-version`
			`- https://github.com/B1ack4sh/Blackash-CVE-2025-0282`
			`- https://github.com/GhostTroops/TOP`
			`- https://github.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser`
			`- https://github.com/Hexastrike/Ivanti-Secure-Connect-Logs-Parser`
			`- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2`
			`- https://github.com/Nop3z/IOTsec-all-in-one`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/PuddinCat/GithubRepoSpider`
			`- https://github.com/SHW0331/cvegg`
			`- https://github.com/Threekiii/CVE`
			`- https://github.com/absholi7ly/CVE-2025-0282-Ivanti-exploit`
			`- https://github.com/almanatra/CVE-2025-0282`
			`- https://github.com/bachkhoasoft/awesome-list-ks`
			`- https://github.com/cyb3r-w0lf/nuclei-template-collection`
			`- https://github.com/cyberdyne-ventures/predictions`
			`- https://github.com/dev-chenxing/repos`
			`- https://github.com/megabyte-b/Project-Ares`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/opendr-io/causality`
			`- https://github.com/packetinside/CISA_BOT`
			`- https://github.com/plzheheplztrying/cve_monitor`
			`- https://github.com/punitdarji/Ivanti-CVE-2025-0282`
			`- https://github.com/rxwx/pulse-meter`
			`- https://github.com/sfewer-r7/CVE-2025-0282`
			`- https://github.com/ums91/CISA_BOT`
			`- https://github.com/watchtowrlabs/CVE-2025-0282`