
CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild

ID: 19dfbc35-77d8-53ea-b573-f622fd3631c1

STIX ID: report--19dfbc35-77d8-53ea-b573-f622fd3631c1

Feed Name: Tenable Blog

Threat Score: 90/100

Date Published: 2025-01-08

Date Updated: 2026-05-01

Author: Satnam Narang


Tenable reports two stack-based buffer overflow vulnerabilities in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways. CVE-2025-0282 (CVSS 9.0) is a zero-day exploited in the wild that yields unauthenticated RCE, and a public PoC is available. Observed post-exploitation artifacts include SPAWN family malware, DRYHOOK and PHASEJAM. Ivanti and researchers recommend applying vendor patches, using Ivanti's Integrity Checker Tool to detect compromises, and performing device remediation where indicators of compromise are found.
