Nominet Breached Two Weeks Ago: Ivanti Zero-Day CVE-2025-0282 Used to Hit UK Domain Registry

Post date: January 14, 2025 · Discovered: April 23, 2026 · 4 posts, 0 comments

Nominet, the official .UK domain registry, confirmed that a network breach occurred approximately two weeks ago. The intrusion was tied to an Ivanti VPN zero-day vulnerability.

Commenters focused on the specifics: lemmydev2 stated that Nominet was the first known victim of attackers exploiting CVE-2025-0282. The vulnerability is described as a stack-based buffer overflow that allows unauthenticated remote code execution. BrikoX reinforced that Nominet confirmed it was breached via the zero-day.

The discussions agree on the vector: CVE-2025-0282, a remote code execution vulnerability in Ivanti products. Meanwhile, independent reports noted that the number of vulnerable internet-facing Ivanti Connect Secure instances dropped sharply from 2,048 to 800 in just four days.

Key Points

#1 The attack targeted the UK domain registry Nominet.

This was confirmed by Nominet's own statements regarding the breach.

#2 The core vulnerability is CVE-2025-0282.

lemmydev2 detailed this as a stack-based buffer overflow allowing unauthenticated RCE.

#3 Ivanti addressed two issues.

The report noted both CVE-2025-0282 (unauthenticated RCE) and CVE-2025-0283 (local, authenticated privilege escalation).

#4 The breach timeframe is specific.

Nominet confirmed the breach took place two weeks prior to the discussion.

#5 The number of vulnerable instances is falling quickly.

The Shadowserver Foundation reported vulnerable instances dropped from 2,048 down to 800 in four days.

Source Discussions (4)

This report was synthesized from the following Lemmy discussions, ranked by community score.

9 points: UK domain registry Nominet confirms breach via Ivanti zero-day
[email protected] · 0 comments · 1/14/2025 · by BrikoX · bleepingcomputer.com

3 points: UK domain registry Nominet breached via Ivanti zero-day
[email protected] · 0 comments · 1/13/2025 · by lemmydev2 · helpnetsecurity.com

3 points: UK domain registry Nominet confirms breach via Ivanti zero-day
[email protected] · 0 comments · 1/13/2025 · by lemmydev2 · bleepingcomputer.com

3 points: Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)
[email protected] · 0 comments · 1/8/2025 · by lemmydev2 · helpnetsecurity.com