{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0283", "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "state": "PUBLISHED", "assignerShortName": "ivanti", "dateReserved": "2025-01-06T16:53:11.756Z", "datePublished": "2025-01-08T22:15:59.822Z", "dateUpdated": "2025-01-09T17:41:24.544Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Connect Secure", "vendor": "Ivanti", "versions": [{"status": "unaffected", "version": "22.7R2.5", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Policy Secure", "vendor": "Ivanti", "versions": [{"status": "affected", "version": "22.7R1.2", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Neurons for ZTA gateways", "vendor": "Ivanti", "versions": [{"status": "unaffected", "version": "22.7R2.5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>"}], "value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "shortName": "ivanti", "dateUpdated": "2025-01-08T22:15:59.822Z"}, "references": [{"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-09T15:56:25.438413Z", "id": "CVE-2025-0283", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-09T17:41:24.544Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0283", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-09T15:56:25.438413Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-09T17:41:21.471Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ivanti", "product": "Connect Secure", "versions": [{"status": "unaffected", "version": "22.7R2.5", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Ivanti", "product": "Policy Secure", "versions": [{"status": "affected", "version": "22.7R1.2", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Ivanti", "product": "Neurons for ZTA gateways", "versions": [{"status": "unaffected", "version": "22.7R2.5", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "shortName": "ivanti", "dateUpdated": "2025-01-08T22:15:59.822Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0283", "state": "PUBLISHED", "dateUpdated": "2025-01-09T17:41:24.544Z", "dateReserved": "2025-01-06T16:53:11.756Z", "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "datePublished": "2025-01-08T22:15:59.822Z", "assignerShortName": "ivanti"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", "matchCriteriaId": "3281AC31-EAEC-4C8D-A0AA-3CDD1092D3EE", "versionEndExcluding": "9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", "matchCriteriaId": "C990BF25-46FA-491B-BED0-7C41F10EA49C", "versionEndExcluding": "22.7", "versionStartIncluding": "22.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*", "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*", "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*", "matchCriteriaId": "130C8955-BDA4-4518-8EBA-740EB08FC3E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*", "matchCriteriaId": "5A3A93FE-41BF-43F2-9EFC-89656182329F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*", "matchCriteriaId": "5AA4B39F-2FB9-4752-B1F1-18812B0990B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*", "matchCriteriaId": "232BAB6C-D318-4F80-8F49-4E700C21F535", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*", "matchCriteriaId": "8D5F47BA-DE6D-443D-95C3-A45F80EDC71E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*", "matchCriteriaId": "ABD840BF-944E-4F4C-96DC-0256286338F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*", "matchCriteriaId": "A1995F34-AE75-47C4-9A9D-DBB1D3E130E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*", "matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*", "matchCriteriaId": "6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*", "matchCriteriaId": "2DDDA231-2A5E-4C70-8620-535C7F9027A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*", "matchCriteriaId": "32E0B425-A9BA-4D00-84A9-46268072D696", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*", "matchCriteriaId": "BBC724E8-195B-4CB4-AC2A-63E184AED4F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*", "matchCriteriaId": "7162C24D-D181-49CC-B8C2-9EE3E0CDF846", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*", "matchCriteriaId": "65435A96-EF7A-439A-AA6C-CB7EAEF0A963", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*", "matchCriteriaId": "3027A9CE-849E-4CAE-A1C4-170DEAF4FE86", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*", "matchCriteriaId": "C132BA26-BCA0-43E6-9511-34ACFFA136A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14.4:*:*:*:*:*:*", "matchCriteriaId": "06520C75-9326-4C21-8AD6-6DE1ED031959", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*", "matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*", "matchCriteriaId": "D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*", "matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*", "matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*", "matchCriteriaId": "DB6CEA16-F422-48F1-9473-3931B1BFA63F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*", "matchCriteriaId": "E238AB9F-99C1-4F0D-B442-D390065D35D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.2:*:*:*:*:*:*", "matchCriteriaId": "8971445A-D65F-4C0E-906F-7AC4953C5689", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*", "matchCriteriaId": "28FDE909-711C-41EC-8BA6-AC4DE05EA27E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.1:*:*:*:*:*:*", "matchCriteriaId": "080CD832-3324-4158-A4CD-3A2E49B7BC74", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.2:*:*:*:*:*:*", "matchCriteriaId": "DB2B8165-E9D4-4549-B16E-A62810BDAF8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.3:*:*:*:*:*:*", "matchCriteriaId": "014C7627-F211-48B1-80FA-3A7F608B4F23", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.7:*:*:*:*:*:*", "matchCriteriaId": "A5592C84-538C-47AB-8042-09B42D89BB0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.8:*:*:*:*:*:*", "matchCriteriaId": "7DC6A046-F81C-4CBA-B06E-081AA550C91C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.9:*:*:*:*:*:*", "matchCriteriaId": "95500536-B5FD-4373-BF78-FB17745EB5F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*", "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*", "matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*", "matchCriteriaId": "BD52B87C-4BED-44AE-A959-A316DAF895EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*", "matchCriteriaId": "8CA29F12-36DE-4FBF-9EE7-7CE4B75AFA61", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*", "matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*", "matchCriteriaId": "6564FE9E-7D96-4226-8378-DAC25525CDD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*", "matchCriteriaId": "3447428E-DBCD-4553-B51D-AC08ECAFD881", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*", "matchCriteriaId": "A08BAF98-7F05-4596-8BFC-91F1A79D3BD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E4387B4-BC5C-41DE-92DA-84866A649AD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*", "matchCriteriaId": "24514B40-540E-45D7-90DC-BCC1D9D7E92C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r4:*:*:*:*:*:*", "matchCriteriaId": "BFD510E9-12DC-4942-BAA0-6405CBD905EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r5:*:*:*:*:*:*", "matchCriteriaId": "EA11BB6D-36C7-438B-A5A7-71C3CB2E5EC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r1:*:*:*:*:*:*", "matchCriteriaId": "7B01001B-FA11-4297-AB81-12A00B97C820", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r4:*:*:*:*:*:*", "matchCriteriaId": "9F28E6B1-44AB-4635-8939-5B0A44BED1E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r1:*:*:*:*:*:*", "matchCriteriaId": "3E9D957B-49F9-492D-A66A-0D25BA27AD35", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r3:*:*:*:*:*:*", "matchCriteriaId": "D1AB497E-E403-4DEE-A83D-CB2E119E5E96", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1:*:*:*:*:*:*", "matchCriteriaId": "CA6B3322-9AFB-44B5-B571-995AB606FD01", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1.2:*:*:*:*:*:*", "matchCriteriaId": "47CB7C12-D642-4015-842C-37241F87DB86", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1:*:*:*:*:*:*", "matchCriteriaId": "58E49DF1-F66A-4F52-87FA-A50DFD735ECB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.2:*:*:*:*:*:*", "matchCriteriaId": "62A0393A-C1C6-4708-BC41-5A5B8FB765FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.3:*:*:*:*:*:*", "matchCriteriaId": "1F3358B0-4751-4DCD-8BFC-BB4C68505658", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.5:*:*:*:*:*:*", "matchCriteriaId": "5C9313A0-2F33-412B-A6F0-E51AE19E199B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.6:*:*:*:*:*:*", "matchCriteriaId": "2979603E-F5CF-4C53-9828-36795E1B6247", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.7:*:*:*:*:*:*", "matchCriteriaId": "D0D33C96-EE5C-41EB-8D9F-88ED025C191A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1:*:*:*:*:*:*", "matchCriteriaId": "9F0A44E1-3670-4AD5-A54D-FDA6C200AA73", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.2:*:*:*:*:*:*", "matchCriteriaId": "C5B4CE43-2D9B-4DF9-AC2A-F649622CD190", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.3:*:*:*:*:*:*", "matchCriteriaId": "3C9B3FF8-F613-404D-BC85-9DD6F2A6DB5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.4:*:*:*:*:*:*", "matchCriteriaId": "CFC583B5-18F5-4943-8C68-6C601857CE5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.5:*:*:*:*:*:*", "matchCriteriaId": "6E4DE5D9-C92B-4143-835F-2D16F0CC328F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.6:*:*:*:*:*:*", "matchCriteriaId": "F874F69E-C621-4C4B-802F-900E7BFAB71B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2:*:*:*:*:*:*", "matchCriteriaId": "67D43D1D-564D-4ACD-B0FF-3828B95E9864", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.2:*:*:*:*:*:*", "matchCriteriaId": "BC8480E0-17C0-4590-950F-D3954E735365", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.3:*:*:*:*:*:*", "matchCriteriaId": "3FAF4FB0-A88C-4A87-B6CB-32EF7B415885", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", "matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C", "versionEndExcluding": "22.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*", "matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*", "matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*", "matchCriteriaId": "8D24A8DB-D697-4C60-935D-B08EE36861CB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.5, Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.2 e Ivanti Neurons para puertas de enlace ZTA anteriores a la versi\u00f3n 22.7R2.3 permite que un atacante autenticado local escale sus privilegios."}], "id": "CVE-2025-0283", "lastModified": "2025-01-14T15:58:55.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-08T23:15:09.920", "references": [{"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "tags": ["Vendor Advisory"], "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283"}], "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}