Pre-auth stack overflow in Ivanti Connect Secure. Exploited by UTA0178 nation-state actor within 2 weeks of disclosure.
| CVE ID | CVE-2025-0282 |
| Vendor | Ivanti |
| Affected Product | Connect Secure |
| Vulnerability Type | RCE |
| CVSS Score | 9.0 (CRITICAL) |
| Actively Exploited | ✅ Yes — CISA KEV Listed |
| Patch Available | Ivanti Jan 2025 |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence |
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.