Ivanti has released critical security updates for Ivanti Endpoint Manager to address three high-severity vulnerabilities that could allow authenticated attackers to write arbitrary files to any location on affected systems.
The company disclosed the security advisory on November 10, 2025, with the latest patch becoming available immediately.
| CVE Number | Description | CVSS Score | Severity |
|---|---|---|---|
| CVE-2025-10918 | Insecure default permissions in agent allowing arbitrary file writes | 7.1 | High |
| CVE-2025-9713 | Previously disclosed (October 2025) | Varies | High |
| CVE-2025-11622 | Previously disclosed (October 2025) | Varies | High |
The most concerning vulnerability is CVE-2025-10918, which stems from insecure default permissions in the agent component of Ivanti Endpoint Manager.
This flaw could allow local authenticated attackers to execute arbitrary file writes across the entire system disk, potentially compromising system integrity and enabling further attacks.
CVE-2025-10918 carries a CVSS score of 7.1, classifying it as a high-severity threat.
The vulnerability uses the CVSS vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A: H, indicating that exploitation requires local access with low complexity and low privilege requirements.
The vulnerability is tracked under CWE-276, which concerns improper default file permissions.
Two additional vulnerabilities, CVE-2025-9713 and CVE-2025-11622, were also addressed in this advisory and were previously disclosed in October 2025.
These issues were outstanding from the previous month’s security releases and have now been fully resolved with the latest patch.
The vulnerability affects Ivanti Endpoint Manager versions 2024 SU3 SR1 and earlier. Ivanti has released Endpoint Manager 2024 SU4 to resolve all identified issues.
Patches are now available through the Ivanti License System (ILS) download portal, which requires user authentication.
Ivanti confirmed that, at the time of disclosure, the company was not aware of any customers who were actively exploiting these vulnerabilities.
However, organizations are urged to implement the patches as soon as possible to mitigate potential attack risks.
Customers running the older 2022 branch should be aware that Ivanti discontinued support for this version at the end of October 2025.
The company will not release patches for the EOL branch, meaning affected users must upgrade to version 2024 SU4 to resolve these security issues. This mandatory upgrade underscores the importance of keeping software up to date.
Organizations running vulnerable versions of Ivanti Endpoint Manager should prioritize deploying the 2024 SU4 update immediately.
The ability to write arbitrary files on systems poses a significant security risk, potentially leading to malware installation, privilege escalation, and complete system compromise.
Ivanti acknowledged security researcher Enrique Fernández Lorenzo (aka bighound) for responsibly disclosing CVE-2025-10918 and collaborating with the company to protect customers.
The company maintains a vulnerability disclosure policy encouraging the security community to report issues through proper channels.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.