IT software program supplier Ivanti launched patches Wednesday for its Join Safe SSL VPN home equipment to deal with two reminiscence corruption vulnerabilities, considered one of which has already been exploited within the wild as a zero-day to compromise units.
The exploited vulnerability, tracked as CVE-2025-0282, is a stack-based buffer overflow rated as vital with a CVSS rating of 9.0. The flaw will be exploited with out authentication to attain distant code execution and impacts Ivanti Join Safe, Ivanti Coverage Safe, and Ivanti Neurons for ZTA gateways.
The second vulnerability, CVE-2025-0283, can also be a stack-based buffer overflow impacting the identical merchandise however requires authentication to take advantage of and may solely result in privilege escalation. It’s rated as excessive severity with a CVSS rating of seven.0.
