CyberSecurity updates
2025-01-30 23:45:48 Pacific

Ivanti Connect Secure RCE Vulnerability - 10d
Read more: gbhackers.com

A critical remote code execution vulnerability, CVE-2025-0282, has been discovered in Ivanti Connect Secure, affecting versions prior to 22.7R2.5. The flaw is a stack-based buffer overflow that allows unauthenticated, remote attackers to execute arbitrary code. A proof-of-concept exploit, named CVE-2025-0282.rb, has been released; it demonstrates how attackers can bypass Address Space Layout Randomization (ASLR) by guessing the base address of a shared library, a process that could take around 30 minutes in testing. The vulnerability is in the IF-T/TLS protocol handler on TCP port 443, and exploitation gives attackers remote code execution with the privileges of the non-root "nr" user.

Ivanti has acknowledged the vulnerability and assigned it a high CVSS score of 9.0, emphasizing the urgent need for patching. Security analysts have rated both the attacker value and the exploitability of this flaw as very high, further highlighting how critical the issue is. The flaw was first discovered in the wild around mid-December 2024, and a technical analysis published by watchTowr on January 10th provides in-depth details of the exploitation mechanics. A related but separate vulnerability, CVE-2025-0283, a local privilege escalation, was also addressed by Ivanti; there are currently no reports of it being exploited.