Current CyberSecurity Advisories

Active exploitation of vulnerabilities affecting Ivanti Connect Secure, Policy Secure & ZTA Gateways products

Release date
08 January 2025
Alert rating
HIGH

Description

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA Gateways (CVE-2025-0282, CVE-2025-0283) and to follow the latest vendor advice.

Audience

Small & medium sized organisations, Large organisations, Cyber security professionals, Public sector

Current update

Ivanti has published a security advisory detailing two stack-based buffer overflow vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA Gateways.

CVE-2025-0282 – A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

CVE-2025-0283 – A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

Ivanti is aware of active exploitation of these vulnerabilities.

The NCSC is working to fully understand the UK impact and investigating cases of active exploitation affecting UK networks.

Organisations using Ivanti Connect Secure, Policy Secure or ZTA Gateways are vulnerable.
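
An added example (not from the NCSC or Ivanti) that triages an appliance inventory against the fixed versions quoted in the CVE descriptions above. It assumes version strings follow the <major>.<minor>R<release>[.<patch>] layout seen in this advisory; the inventory and host names are constructed. Versions are compared numerically because a plain string comparison would rank 22.7R2.10 below 22.7R2.3.

```python
import re

# Fixed-version thresholds quoted in the advisory text above.
FIXED = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.2",
    "Ivanti Neurons for ZTA gateways": "22.7R2.3",
}

# Assumed version layout: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.5
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, release, patch); a missing patch counts as 0."""
    m = _VERSION.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def triage(product, version):
    """Classify one appliance as 'affected', 'fixed' or 'unknown'."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown"  # product is not one of the three named in the advisory
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown"  # check by hand rather than guess
    return "affected" if current < parse_version(fixed) else "fixed"

# Constructed inventory for illustration (host names are not real).
INVENTORY = [
    ("vpn-gw-01", "Ivanti Connect Secure", "22.7R2.4"),
    ("vpn-gw-02", "Ivanti Connect Secure", "22.7R2.5"),
    ("nac-01", "Ivanti Policy Secure", "22.7R1"),
    ("zta-gw-01", "Ivanti Neurons for ZTA gateways", "22.7R2.10"),
    ("vpn-gw-03", "Ivanti Connect Secure", "unknown-build"),
]

def triage_inventory(rows):
    """Map each host name to its triage result."""
    return {host: triage(product, version) for host, product, version in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host}: {status}")
```

A "fixed" result reflects the version number only; the Integrity Checker Tool and compromise assessment steps in the advisory still apply to appliances that were exposed before updating.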

The NCSC recommends following vendor best-practice advice to mitigate vulnerabilities. In this case, if you use an affected product, you should take these priority actions:

  1. Run the Ivanti external Integrity Checker Tool (ICT). The ICT offers a snapshot of the current state of the appliance and cannot necessarily detect threat actor activity if the appliance has been returned to a clean state. The ICT does not scan for malware or indicators of compromise (IoCs).
  2. Perform a compromise assessment. (Check for compromise using the detection steps and IoCs detailed in the
  3. If you believe you have been compromised and are in the UK, you should report it to the NCSC.
  4. Before installing updates, the vendor recommends performing a factory reset.
  5. Install the latest security update:
    • Ivanti Connect Secure version 22.7R2.5 or later available now.
    • Ivanti Policy Secure update due 21 Jan 2025. This product should not be exposed to the internet.
    • Ivanti Neurons for ZTA gateways update due 21 Jan 2025. If a gateway for this solution is generated and left unconnected to a ZTA controller, then there is a risk of exploitation.
  6. Perform continuous monitoring and threat hunting activities.

The NCSC provides a range of free guidance, services and tools that help to secure systems.
