
Researchers identified a critical vulnerability, CVE-2025-0282, that affects Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for zero trust access (ZTA) gateways. This vulnerability can enable unauthenticated remote code execution (RCE), allow attackers to compromise the security and integrity of affected systems, and give attackers access that facilitates lateral movement. Continue reading this Cybersecurity Threat Advisory to keep your environment safe.
What is the threat?
CVE-2025-0282 is a stack-based buffer overflow vulnerability present in Ivanti Connect Secure versions prior to 22.7R2.5, Ivanti Policy Secure versions prior to 22.7R1.2, and Ivanti Neurons for ZTA gateways prior to 22.7R2.3. Successful exploitation of this vulnerability enables remote execution of arbitrary code on the affected devices. Notably, the RESURGE malware has been observed leveraging this flaw to deploy rootkits, backdoors, and web shells, facilitating unauthorized access and control over compromised systems.
Why is it noteworthy?
Ivanti’s products are used for secure remote access and policy enforcement across organizations. Exploiting CVE-2025-0282 poses significant risks, including unauthorized access, data exfiltration, and potential full-system compromise. The emergence of sophisticated malware like RESURGE underscores the critical need for immediate attention and remediation.
What is the exposure or risk?
Organizations using vulnerable versions of these Ivanti products are at risk of attackers exploiting this vulnerability to execute code on the device and gain access, as well as deploying malware to manipulate system logs and establish backdoors.
What are the recommendations?
Barracuda recommends the following actions to protect your environment:
- Update all Ivanti Connect Secure appliances to the latest versions that address CVE-2025-0282.
- Implement strong password policies and multi-factor authentication.
- Monitor administrative accounts for unauthorized activity.
- Segment your network to limit the spread of malware and isolate critical systems.
- Disable any services that are not essential to reduce the attack surface.
- Conduct regular security audits and vulnerability assessments to identify and mitigate potential risks.
References
For more in-depth information about the recommendations, please visit the following links:
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US
- https://thehackernews.com/2025/03/resurge-malware-exploits-ivanti-flaw.html
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.