Update KEV: Thu Jan 9 00:11:35 UTC 2025

aboutcode-automation · aboutcode-automation · commit c473615dd5ef · 2025-01-09T00:11:35.000Z
Signed-off-by: AboutCode Automation &lt;automation@aboutcode.org&gt;
diff --git a/known_exploited_vulnerabilities.json b/known_exploited_vulnerabilities.json
@@ -1,9 +1,24 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.01.07",
-    "dateReleased": "2025-01-07T15:00:38.3276Z",
-    "count": 1242,
+    "catalogVersion": "2025.01.08",
+    "dateReleased": "2025-01-08T23:14:48.1212Z",
+    "count": 1243,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-0282",
+            "vendorProject": "Ivanti",
+            "product": "Connect Secure, Policy Secure, and ZTA Gateways",
+            "vulnerabilityName": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
+            "dateAdded": "2025-01-08",
+            "shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.",
+            "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.",
+            "dueDate": "2025-01-15",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0282",
+            "cwes": [
+                "CWE-121"
+            ]
+        },
         {
             "cveID": "CVE-2020-2883",
             "vendorProject": "Oracle",
