CVE-2025-0282
Tags: CRITICAL, KEV, RANSOMWARE, NUCLEI
Ivanti Connect Secure <22.7R2.5 - RCE
Title source: llm
Exploitation Summary
CVE-2025-0282 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 8, 2025, with confirmed use in ransomware campaigns.
EIP tracks 12 public exploits from researchers including Abdualhadi khalifa, absholi7ly, sfewer-r7, including a Metasploit module exploits/linux/http/ivanti_connect_secure_stack_overflow_rce_cve_2025_22457.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This exploit demonstrates a buffer overflow vulnerability in Ivanti Connect Secure 22.7R2.5, allowing remote code execution by overwriting the return address with the address of system() and executing arbitrary commands. It includes functionality to upload a web shell and execute commands on the target system.
Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Exploits (12)
This exploit demonstrates a buffer overflow vulnerability in Ivanti Connect Secure 22.7R2.5, allowing remote code execution by overwriting the return address with the address of system() and executing arbitrary commands. It includes functionality to upload a web shell and execute commands on the target system.
This is a functional exploit for CVE-2025-0282, targeting a buffer overflow in Ivanti Connect Secure to achieve remote command execution (RCE). It uploads a web shell and provides post-exploitation commands for persistence and cleanup.
This is a functional proof-of-concept exploit for CVE-2025-0282, demonstrating a remote unauthenticated stack-based buffer overflow in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways. It uses a ROP chain to achieve remote code execution, creating a temporary file on the target system as proof of exploitation.
This repository contains a proof-of-concept exploit for CVE-2025-0282, a pre-authentication remote code execution vulnerability in Ivanti Connect Secure due to a TLS stack overflow. The PoC operates in two modes (normal and exploit) to test and potentially exploit the vulnerability, though it requires manual adjustments for specific targets.
This repository provides a Python script to parse Ivanti Secure Connect .vc0 log files into CSV format for forensic analysis, specifically targeting CVE-2025-0282. The tool extracts timestamps, converts hex values to human-readable formats, and maps message codes to descriptions.
This repository contains a Python-based exploit for CVE-2025-0282, targeting Ivanti's buffer overflow vulnerability to achieve remote code execution (RCE). The exploit crafts a malicious payload to overwrite the return address with `system()`, uploads a PHP web shell, and provides interactive command execution.
The repository claims to be a PoC for CVE-2025-0282, exploiting a buffer overflow in `/dana-na/auth/url_default/welcome.cgi` for RCE via ROP. However, the exploit code is incomplete and requires contacting the author via Telegram for the full version, which is unusual for legitimate PoCs.
This repository contains a Python script that checks for the presence of CVE-2025-0282 by extracting version information from Ivanti Connect Secure, Policy Secure, and ZTA Gateways. It does not exploit the vulnerability but scans for vulnerable versions.
This PoC exploits CVE-2025-0282, a remote unauthenticated stack buffer overflow in Ivanti Connect Secure 22.7R2.4, using a ROP chain to create a privileged admin account. The exploit targets a specific version and leverages SSL/TLS for protocol switching.
This repository provides a Python script to decrypt and parse Ivanti Connect Secure system snapshots for IOCs related to CVE-2025-0282 and other vulnerabilities. It uses YARA rules to detect malware artifacts and parses process lists for suspicious activity.
This is a functional exploit for CVE-2025-0282, a stack-based buffer overflow in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. It achieves remote code execution by overwriting the return address with the address of system() and uploading a web shell for post-exploitation.
This Metasploit module exploits a stack-based buffer overflow in Ivanti Connect Secure (CVE-2025-22457) to achieve unauthenticated remote code execution. It uses heap spraying and ROP chain brute-forcing to bypass ASLR and execute arbitrary commands.
Nuclei Templates (1)
http.title:"ivanti connect secure"
References (7)
Scores
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H