Statement on CVE 2025-0282 Ivanti Connect Secure Policy Secure & ZTA Gateways

February 7, 2025

Information

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

Risk

Not Applicable

Response

Melissa Data Corporation (“Melissa”) was not impacted by the Ivanti vulnerabilities as we do not utilize Ivanti Connect Secure for any Melissa commercial web services or products.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.