Emerging Threat: Ivanti Connect Secure CVE-2025-0282 and CVE-2025-0283
On Wednesday, January 8th, Ivanti disclosed two severe vulnerabilities affecting Ivanti Connect Secure VPN devices. Ivanti Connect Secure is an external-facing SSL VPN used to secure remote access to corporate networks. Ivanti Policy Secure is an internal network-access control solution designed for regulating access within an enterprise’s network. The critical vulnerability (CVSS 9.0) CVE-2025-0282 allows unauthenticated remote code execution (RCE) through a stack-based buffer overflow.