Ivanti Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in Ivanti products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-0282
Ivanti Connect Secure versions: 22.7R2 (inclusive) ~ 22.7R2.4 (inclusive)
Ivanti Policy Secure versions: 22.7R1 (inclusive) ~ 22.7R1.2 (inclusive)
Ivanti Neurons for ZTA gateways versions: 22.7R2 (inclusive) ~ 22.7R2.3 (inclusive)
CVE-2025-0283
Ivanti Connect Secure versions: up to 22.7R2.4 (inclusive)
Ivanti Policy Secure versions: up to 22.7R1.2 (inclusive)
Ivanti Neurons for ZTA gateways versions: up to 22.7R2.3 (inclusive)
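The affected ranges above can be checked against an appliance inventory. The following is an added example, not part of the original advisory or of any Ivanti tooling. The product keys and inventory rows are constructed, and treating a missing patch number as 0 (so that 22.7R2 sorts before 22.7R2.1) is an assumption.

```python
import re

# Version strings on this page look like "22.7R2.4":
# major.minor, the letter R, a release number, and an optional patch number.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

def parse_version(text):
    """Turn '22.7R2.4' into (22, 7, 2, 4); a missing patch number is taken as 0 (assumption)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))

# Inclusive (low, high) bounds copied from the Affected Products list.
# None means the page gives no lower bound. Product keys are hypothetical labels.
AFFECTED = {
    "connect-secure": {"CVE-2025-0282": ("22.7R2", "22.7R2.4"),
                       "CVE-2025-0283": (None, "22.7R2.4")},
    "policy-secure":  {"CVE-2025-0282": ("22.7R1", "22.7R1.2"),
                       "CVE-2025-0283": (None, "22.7R1.2")},
    "zta-gateway":    {"CVE-2025-0282": ("22.7R2", "22.7R2.3"),
                       "CVE-2025-0283": (None, "22.7R2.3")},
}

def affected_cves(product, version):
    """Return the CVEs from this page whose range contains the given version."""
    v = parse_version(version)
    hits = []
    for cve, (low, high) in AFFECTED[product].items():
        if (low is None or parse_version(low) <= v) and v <= parse_version(high):
            hits.append(cve)
    return sorted(hits)

# Constructed sample inventory: (hostname, product key, installed version).
INVENTORY = [
    ("vpn-01", "connect-secure", "22.7R2.3"),
    ("vpn-02", "connect-secure", "22.7R2.5"),
    ("nac-01", "policy-secure", "22.7R1.2"),
    ("zta-01", "zta-gateway", "22.7R2.4"),
]

def triage(inventory):
    """Map each host to the list of CVEs its installed version falls under."""
    return {host: affected_cves(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(host, ", ".join(cves) or "outside the ranges listed on this page")
```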
Resolved Vulnerabilities
Remote code execution via stack buffer overflow by a remote, unprivileged user (CVE-2025-0282)
Privilege escalation via stack buffer overflow by a local, unprivileged user (CVE-2025-0283)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest update. Follow the instructions on the referenced site to update to the patched version.
CVE-2025-0282, CVE-2025-0283
Ivanti Connect Secure version: 22.7R2.5
Ivanti Policy Secure: patch planned for January 21
Ivanti Neurons for ZTA gateways version: 22.7R2.5 (patch planned for January 21)
References
[1] Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283)
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US