Critical Ivanti Endpoint Manager Vulnerabilities Let Attackers Execute Remote Code

Ivanti has released security updates to address two high-severity vulnerabilities in its Endpoint Manager (EPM) software that could allow remote code execution. The vulnerabilities, tracked as CVE-2025-9712 and CVE-2025-9872, affect multiple versions of the product.

The company has stated that it is not aware of any active exploitation of these flaws in the wild at the time of disclosure.

Both CVE-2025-9712 and CVE-2025-9872 have been assigned a CVSS score of 8.8 out of 10.0, categorizing them as high-severity. The root cause of both flaws is an insufficient filename validation weakness, cataloged as CWE-434 (Unrestricted Upload of File with Dangerous Type).

This type of vulnerability can allow an attacker to upload a file with a malicious or unexpected type, which can then be executed on the target system.

For a successful attack, a remote, unauthenticated threat actor would need to trick a user into interacting with a specially crafted file. This user interaction is a critical prerequisite for exploitation.

If an attacker successfully exploits either vulnerability, they could achieve remote code execution (RCE) on the affected system, granting them the ability to compromise the confidentiality, integrity, and availability of the system.

The CVSS vector, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, confirms that the attack can be launched remotely over a network, requires low complexity, needs no privileges, but depends on user interaction.

Affected Versions and Patches

The vulnerabilities impact Ivanti Endpoint Manager versions 2022 SU8 Security Update 1 and prior, as well as 2024 SU3 and prior versions. Ivanti has made patches available to resolve these issues.

Administrators are strongly advised to upgrade to the following secure versions: Ivanti Endpoint Manager 2022 SU8 Security Update 2 and Ivanti Endpoint Manager 2024 SU3 Security Update 1. The security updates can be accessed through the Ivanti License System portal.

Affected and patched versions of Ivanti Endpoint Manager:

| Product Name | Affected Version(s) | Patched Version(s) |
|---|---|---|
| Ivanti Endpoint Manager | 2024 SU3 and prior | 2024 SU3 Security Update 1 |
| Ivanti Endpoint Manager | 2022 SU8 Security Update 1 and prior | 2022 SU8 Security Update 2 |

Adding a layer of urgency, Ivanti has reminded customers that the 2022 product branch is scheduled to reach its End of Life (EOL) at the end of October 2025.

Organizations still using this branch are encouraged not only to apply the immediate security fix but also to plan a migration to a fully supported version to continue receiving security updates and technical support.

Ivanti has confirmed that these vulnerabilities were reported through its responsible disclosure program. The company credited a researcher, identified as “06fe5fd2bc53027c4a3b7e395af0b850e7b8a044,” working with Trend Micro’s Zero Day Initiative for discovering and reporting both flaws. Because the issues were disclosed responsibly, Ivanti has not found any evidence of active exploitation or compromise.

Consequently, there are no specific indicators of compromise (IoCs) available for administrators to search for. Despite the absence of known attacks, administrators are urged to apply the patches promptly, as threat actors often reverse-engineer security updates to develop exploits for unpatched systems.

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.