CVE-2025-0282

Published Jan 8, 2025

Last updated 5 months ago

Overview

Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Analyzed
Products
connect_secure, neurons_for_zero-trust_access, policy_secure

Risk scores

CVSS 3.1

Type
Primary
Base score
9
Impact score
6
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Exploit added on
Jan 8, 2025
Exploit action due
Jan 15, 2025
Required action
Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-121
nvd@nist.gov
CWE-787

Social media

Hype score
Not currently trending
  1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a piece of malicious software used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. #quantyxs #hypergaruda #cyber htt

    @Quantyxs

    13 Mar 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a piece of malicious software used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. https://t.co/4P6WCXW4Pt

    @Quantyxs

    13 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-0282 activity just exploded across our sensors. For weeks we saw ~500–1500 tries/day. In the last 48h that jumped to 10k+. When splitting by location, the spike is almost entirely targeting US infrastructure. Likely the vuln was automated or a better PoC is available

    @LupovisDefence

    5 Mar 2026

    200 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  4. #RESURGE implant targets #IvantiConnectSecure via CVE-2025-0282, enabling covert SSH C2 and persistence within the native web server process. Evasion includes forged TLS certs and CRC32 fingerprinting; SPAWNSLOTH used for log tampering. https://t.co/3JkJe6wNCZ

    @MeridianEU

    4 Mar 2026

    112 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CISA Flags RESURGE Malware Exploiting Ivanti Connect Secure Flaw (CVE-2025-0282) CISA warns that RESURGE—an evolved SPAWNCHIMERA variant—leverages CVE-2025-0282 to plant web shells, harvest credentials, manipulate accounts, and persist by copying itself to the boot disk

    @ThreatSynop

    3 Mar 2026

    132 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CISA warns RESURGE is exploiting Ivanti Connect Secure CVE-2025-0282 to take over gateways, drop web shells, steal creds, and persist. Patch now, reset credentials, and check for compromise. #CyberSecurity #Malware #Ivanti #CVE #PatchNow #ThreatIntel #Infosec #resurge https://t.c

    @CloneSystemsInc

    3 Mar 2026

    98 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 CISA Warns RESURGE Implant Can Hide on Ivanti Connect Secure Until “Called” by the Attacker CISA details the RESURGE Linux LSO implant (`https://t.co/gcalHrqPnP`) used in zero-day exploitation of Ivanti Connect Secure (CVE-2025-0282), designed as a passive C2 that hooks

    @ThreatSynop

    2 Mar 2026

    131 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. https://t.co/Vf22EIYncV

    @blackwired32799

    2 Mar 2026

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CISA reveals RESURGE malware can stay dormant on Ivanti Connect Secure devices, exploiting CVE-2025-0282 with ECC encryption, forged TLS, and SSH tunnels to maintain stealthy, persistent access. #IvantiSecurity #MalwarePersistence #USA https://t.co/p8tqHOVUNm

    @TweetThreatNews

    2 Mar 2026

    190 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. RESURGE Malware Exploits Ivanti Connect Secure (CVE-2025-0282) with Stealth In-Process Backdoor Recent analysis details a malware family dubbed RESURGE targeting compromised Ivanti Connect Secure appliances via CVE-2025-0282. Unlike conventional post-exploitation tooling,

    @VivekIntel

    2 Mar 2026

    30 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

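  11. It has come to light that RESURGE, malware that gains entry by exploiting the zero-day vulnerability in Ivanti Connect Secure (CVE-2025-0282), can remain in a dormant state on compromised devices even after patching.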

    @MalwareBibleJP

    2 Mar 2026

    1338 Impressions

    1 Retweet

    15 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  12. The U.S. CISA has issued a new warning about RESURGE, malware that targets Ivanti devices. This malware is used in attacks exploiting the zero-day vulnerability "CVE-2025-0282" present in Ivanti Connect Secure devices

    @omomuki_tech

    1 Mar 2026

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 Ivanti Decides Security Is Purely Optional While Prague Bureaucrats Wait For A Signed Permission Slip Two fresh zero-day vulnerabilities, CVE-2025-0282 and CVE-2025-0283, allow for unauthenticated remote code execution and full system compromise across Ivanti's entire

    @Aftershockindex

    1 Mar 2026

    128 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨🧩 cisa warns resurged malware may persist on ivanti devices CISA details RESURGE implant activity tied to Ivanti zero-day exploitation (CVE-2025-0282). learn more https://t.co/6yl4eGcsa2 #cisa #ivanti #zeroday #threatintel https://t.co/X6825z2Vmj

    @Strivehawk

    28 Feb 2026

    177 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. dormant RESURGE malware on @GoIvanti devices. you're breached, you just don't know it yet. CVE-2025-0282

    @BlackBoxBrief

    28 Feb 2026

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CISA details RESURGE malware exploiting CVE-2025-0282 zero-day on Ivanti Connect Secure devices. Implant stays dormant until triggered by a forged Ivanti cert and specific TLS connection. #RESURGE #IvantiSecurity #USA https://t.co/usLlqK04IR

    @TweetThreatNews

    28 Feb 2026

    189 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🔒 CISA warns that RESURGE malware can be dormant on Ivanti devices The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282... #Cybersecurity #InfoSec

    @TSM338678716525

    28 Feb 2026

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 CISA: RESURGE Malware Can Lurk Undetected on Ivanti Connect Secure Devices CISA warns the RESURGE implant (tied to exploitation of Ivanti Connect Secure flaw CVE-2025-0282) can remain latent and evade detection until an attacker re-contacts the device, enabling persistent

    @ThreatSynop

    27 Feb 2026

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 CISA: RESURGE Implant May Stay Dormant on Compromised Ivanti Connect Secure Devices CISA warned that the RESURGE malware implant used in attacks exploiting Ivanti Connect Secure (notably CVE-2025-0282) can remain dormant to evade detection and persist across reboots,

    @ThreatSynop

    27 Feb 2026

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. #cyberNEWS The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. https://t.co/UFgvEg6qw3

    @CyberSysblue

    27 Feb 2026

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CISA updates RESURGE malware report, warning the implant exploits CVE-2025-0282 on Ivanti Connect Secure and can stay dormant while using covert network evasion. #Malware https://t.co/LKg3wjrdUt

    @threatcluster

    27 Feb 2026

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. #cybersecurity https://t.co/Ef1rqFNdIB

    @cybertzar

    27 Feb 2026

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. CISA warns RESURGE malware can lie dormant on Ivanti devices, exposing zero-day risk via CVE-2025-0282. New details outline how this implant breaches Ivanti Connect Secure. Learn more about the threat and remediation steps in our latest post: https://t.co/Wa0EzHnuZa

    @trubetech

    27 Feb 2026

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CISA flags RESURGE malware, a dormant threat exploiting Ivanti zero-days (CVE-2025-0282). Stay vigilant! 🚨 🔗 https://t.co/oabZaRllpA #Cybersecurity #Ivanti #Malware #RESURGE #CISA

    @0xT3chn0m4nc3r

    27 Feb 2026

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. RESURGE — Full CTI analysis available. CISA has substantially updated its analysis of the RESURGE implant targeting Ivanti Connect Secure (CVE-2025-0282, CVSS 9.0). The revelations of 26 February 2026 change the assessment of this threat. Key takeaways: C

    @marcfredericgo

    27 Feb 2026

    102 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  26. RESURGE — Full CTI analysis available. CISA has substantially updated its analysis of the RESURGE implant targeting Ivanti Connect Secure (CVE-2025-0282, CVSS 9.0). The revelations of 26 February 2026 change the assessment of this threat. Key takeaways: C

    @marcfredericgo

    27 Feb 2026

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 🚨 [CRITICAL] Critical RCE Vulnerability in Ivanti Connect Secure (CVE-2025-0282) … 🔴 CVE: CVE-2025-0282, CVE-2025-0283 🕵️ APT: UNC5337 🏭 Sectors: government, finance #mysocAi #CyberSecurityusingAi #Vulnerability #Criticality #ThreatIntel #CyberSecurity #CVE20250

    @MysocAi

    23 Feb 2026

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🚨 CVE-2025-0282 - critical 🚨 Ivanti Connect Secure - Stack-based Buffer Overflow > Ivanti Connect Secure < 22.7R2.5, Ivanti Policy Secure < 22.7R1.2, and Ivanti Neurons... 👾 https://t.co/wp0GSs5YV5 @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    6 Oct 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. #threatreport #LowCompleteness Ivanti Connect Secure CVE-2025-0282 DslogdRAT Analysis | 28-04-2025 Source: https://t.co/XWfOxhlDft Key details below ↓ 💀Threats: Dslogdrat, Cobalt_strike_tool, Connectx, 🎯Victims: Ivanti connect secure gateways 🔓CVEs: CVE-2025-0282 ht

    @rst_cloud

    26 Sept 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Warning from @CISAgov: a new piece of malware known as Resurge exploits a serious vulnerability in Ivanti Connect Secure devices, which companies and organizations use to access their networks remotely (VPN). The attacker can

    @j6_mu

    9 Sept 2025

    201 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  31. Ivanti VPN hack (CVE-2025-0282) hit in Jan 2025, allowing remote code execution. $HOPR’s decentralized mixnet could prevent such attacks by avoiding single points of failure & central logs. Patch systems, use MFA! Details: https://t.co/dHZy4G5UMN. #HOPR #Web3 #privacymatter

    @Sawaya2000

    31 Aug 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    7 Aug 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  33. Hackers! 🧨🔥 [CVE-2025-0282] Python Exploit from Scratch Real RCE with Stealth Shell + Forensic Cleanup 🧠 Post-exploitation included: web shell deployment, log deletion, and stealth hiding Here's the link to the YouTube video Like and subscribe https://t.co/OfkVMFWYIz Hac

    @Z3R0NYX

    5 Aug 2025

    33 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  34. Hackers! 🧨🔥 [CVE-2025-0282] Python Exploit from Scratch Real RCE with Stealth Shell + Forensic Cleanup 🧠 Post-exploitation included: web shell deployment, log deletion, and stealth hiding Here's the link to the YouTube video Like and subscribe https://t.co/OfkVMFWYIz Hac

    @Z3R0NYX

    5 Aug 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Cybersecurity researchers have disclosed details of a new malware named MDifyLoader that has been observed in cyberattacks against Ivanti Connect Secure (ICS) devices. According to a report by JPC

    @Teeegra

    21 Jul 2025

    444 Impressions

    0 Retweets

    10 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Cyber attackers exploit CVE-2025-0282 and CVE-2025-22457 to deploy MDifyLoader on Ivanti Connect Secure appliances, enabling in-memory Cobalt Strike payloads via DLL side-loading and open-source tools, leading to stealthy breaches. #EternalBlue #UK https://t.co/QNsllF95ky

    @TweetThreatNews

    18 Jul 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Malware loaders like MDifyLoader exploit Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457, using DLL side-loading and RC4 decryption to run Cobalt Strike Beacons, enabling lateral movement and persistence. #CVE20250282 #Indonesia https://t.co/7wP76r68Cj

    @TweetThreatNews

    18 Jul 2025

    102 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  38. Despite patches being available for months, Japanese authorities report ongoing exploitation of Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457. Attackers deploy malware like DslogdRAT and SPAWNCHIMERA using advanced tactics. #Japa… https://t.co/q0kXMe6gX

    @TweetThreatNews

    18 Jul 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. JPCERT/CC's 増渕 維摩 (Yuma Masubuchi) looks into malware identified in attacks exploiting Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457 from December 2024 to the present. https://t.co/0gL5VBHyzk https://t.co/iWWlVR9X2j

    @virusbtn

    18 Jul 2025

    1703 Impressions

    12 Retweets

    37 Likes

    10 Bookmarks

    0 Replies

    1 Quote

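  40. Published on the JPCERT/CC Eyes blog: "Malware identified in compromises originating from Ivanti Connect Secure vulnerabilities". From December 2024 to the present (July 2025), attackers exploiting CVE-2025-0282 and CVE-2025-22457 have used malware, tools, and attack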

    @jpcert

    18 Jul 2025

    7323 Impressions

    26 Retweets

    61 Likes

    16 Bookmarks

    1 Reply

    1 Quote

  41. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    6 Jul 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  42. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    2 Jul 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  43. 🚨 Urgent alert for Ivanti Connect Secure users! CVE-2025-0282 allows unauthenticated remote code execution, risking full control of your VPN. Patch to version 22.7R2.5 immediately and audit your systems. Stay safe! #Cybersecurity #RCE #Ivanti @Sharon https://t.co/fw37MHrQ2n

    @prod42net

    25 Jun 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. #exploit 1. CVE-2025-0282: Stack-based BoF in Ivanti Connect Secure - https://t.co/gg5z4ap4Go 2. CVE-2025-4123: Grafana Path Traversal - https://t.co/0QxWl8iNVO 3. CVE-2025-4275: SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O - https://t.co/l6ppF6bgYS

    @ksg93rd

    11 Jun 2025

    276 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  45. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    18 May 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  46. Stealthy as a cat, deadly as a viper—CVE-2025-0282 is on the prowl. Got your Ivanti patched yet, or leaving the door wide open? What’s your stance? #CyberSecurity #IvantiPatch #HurryUpOrCry #InfoSec https://t.co/TUo0RsN7U3

    @LimitedViewX

    17 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

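  47. [Caution ⚠️] DslogdRAT malware attacks targeting the unpatched zero-day in Ivanti Connect Secure (CVE-2025-0282) have been confirmed at organizations in Japan. Is "patch and you are safe" already outdated? A perspective of knowing the attackers' methods and strengthening defenses is needed 🔧 実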

    @cyber_risk_d

    7 May 2025

    155 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  48. DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 🚩 https://t.co/DbCfZRA4DQ A new malware strain, DslogdRAT, has been deployed through the exploitation of a now-patched zero-day vulnerability (#CVE-2025-0282) in Ivanti Connect Secure (ICS) VPN appliances. T

    @Huntio

    2 May 2025

    562 Impressions

    4 Retweets

    15 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  49. Actively exploited CVE : CVE-2025-0282

    @transilienceai

    29 Apr 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  50. DslogdRAT Malware Deployed via Ivanti ICS Zero-Day(CVE-2025-0282) in Japan Attacks https://t.co/bj5Hws5mkl https://t.co/2POtc1ZesO

    @freedomhack101

    29 Apr 2025

    141 Impressions

    0 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Configurations