CyberSecurityBoard
Sponsor Register Login

CVE-2025-0282

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

This Cyber News was published on www.tenable.com. Publication date: Wed, 08 Jan 2025 00:00:00 +0000


Cyber News related to CVE-2025-0282

SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News - Among these incidents, cybersecurity researchers identified an evolved variant of the SPAWN malware family dubbed “SPAWNCHIMERA” that not only exploits this flaw but also deploys a self-contained fix to prevent competing threat actors ...
5 months ago Cybersecuritynews.com CVE-2025-0282 Chimera
Ivanti patches Connect Secure zero-day exploited since mid-March - Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. While Ivanti has yet to disclose more details ...
4 months ago Bleepingcomputer.com CVE-2025-22457
Chinese Hackers Exploit Ivanti VPN Vulnerabilities to Infiltrate Organizations - A China-linked advanced persistent threat (APT) group has exploited critical vulnerabilities in Ivanti Connect Secure VPN appliances to infiltrate organizations across 12 countries and 20 industries, cybersecurity firm TeamT5 revealed in a report ...
3 months ago Cybersecuritynews.com CVE-2025-0282 Chimera
Threat Actors Exploiting Ivanti Connect Secure Vulnerabilities to Deploy Cobalt Strike Beacon - The ongoing attacks demonstrate advanced persistent threat techniques, deploying multiple malware families including MDifyLoader, Cobalt Strike Beacon, vshell, and Fscan to establish long-term access to compromised networks. Following initial ...
3 weeks ago Cybersecuritynews.com CVE-2025-0282
CVE-2025-0282 - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code ...
4 months ago Tenable.com CVE-2023-46805 CVE-2025-22457
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The findings, detailed in iVerify’s latest report, highlight the spyware’s ability to bypass traditional safeguards and ...
5 months ago Cybersecuritynews.com CVE-2025-0282
Microsoft Warns of Silk Typhoon Hackers Attacking IT Supply Chain - Microsoft Threat Intelligence has identified a significant shift in tactics by Silk Typhoon, a Chinese state-sponsored espionage group that has begun targeting common IT solutions including remote management tools and cloud applications to gain ...
5 months ago Cybersecuritynews.com CVE-2025-0282
CISA Warns of ESURGE Malware Exploiting Ivanti RCE Vulnerability - The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report (MAR-25993211-r1.v1) detailing the exploitation of a critical vulnerability in Ivanti Connect Secure devices (CVE-2025-0282). Additionally, CISA ...
4 months ago Cybersecuritynews.com CVE-2025-0282
Hackers Exploited Ivanti Connect Secure 0-Day to Install DslogdRAT & Web Shell - The attacks, occurring around December 2024, leveraged CVE-2025-0282 to deploy multiple malicious tools, including a custom malware called DslogdRAT and a specially crafted web shell. This technique, while not highly sophisticated, provides ...
3 months ago Cybersecuritynews.com CVE-2025-0282
CVE-2014-0282 - Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-2014-1799 - Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-2014-1803 - Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-2014-1779 - Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-2014-2757 - Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-2014-1775 - Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-1999-0282 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1584, CVE-1999-1586. Reason: This candidate combined references from one issue with the description from another issue. Notes: Users should consult CVE-1999-1584 and ...
55 years ago Tenable.com
CVE-2017-8534 - Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper ...
8 years ago
CVE-2017-0282 - Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows ...
2 years ago
CVE-2017-0284 - Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows ...
2 years ago
CVE-2017-0285 - Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft ...
2 years ago
CVE-2007-5561 - Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to ...
16 years ago
CVE-2005-2697 - SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282. ...
8 years ago
CVE-2022-0282 - Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11. ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)