Ivanti Endpoint Manager Vulnerabilities Allow Remote Code Execution Attacks

Ivanti has released critical updates for Ivanti Endpoint Manager (EPM) to address two high-severity remote code execution flaws that affect both the 2024 SU3 and 2022 SU8 branches.

At the time of disclosure, there are no reports of active exploitation in customer environments.

Vulnerability Overview

Two distinct CVE entries, CVE-2025-9712 and CVE-2025-9872, both stem from insufficient filename validation in Ivanti Endpoint Manager versions prior to Security Update 1 for the 2024 SU3 branch and Security Update 2 for the 2022 SU8 branch.

An unauthenticated attacker can craft malicious filenames to trigger remote code execution when a user interacts with a specially crafted link or file.

Both vulnerabilities carry a CVSS 3.0 score of 8.8, reflecting their high impact on confidentiality, integrity, and availability.

The root cause in each case is improper sanitization of user-supplied filenames before processing by the Endpoint Manager service.

When a targeted user is tricked into opening or interacting with a manipulated EPM interface—such as via a phishing email or malicious website—the flawed validation allows arbitrary code injection and execution in the context of the EPM service.

| CVE Number | CVSS Score (Severity) | CVSS Vector | CWE |
|---|---|---|---|
| CVE-2025-9712 | 8.8 (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CWE-434 |
| CVE-2025-9872 | 8.8 (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CWE-434 |

Impacted Releases and Mitigation

Both vulnerabilities affect:

  • Ivanti Endpoint Manager 2022 SU8 Security Update 1 and earlier.
  • Ivanti Endpoint Manager 2024 SU3 and earlier.

Ivanti has published Security Update 2 for the 2022 SU8 branch and Security Update 1 for the 2024 SU3 branch.

Customers must install the appropriate update to fully remediate the risk.

Patches are available through the Ivanti License System (ILS) portal and require a user login.

Administrators should verify deployment across all managed servers and endpoints to ensure no legacy versions remain in operation.

It is also critical to note that the 2022 branch will reach End of Life at the end of October 2025, after which it will no longer receive security fixes.

Organizations still running 2022 SU8 should plan an upgrade to the 2024 branch or a supported alternative to maintain security compliance.

Ivanti strongly advises all customers to:

  1. Immediately download and apply Ivanti Endpoint Manager 2024 SU3 Security Update 1 or 2022 SU8 Security Update 2 via the ILS portal.
  2. Audit existing EPM deployments to confirm the absence of outdated versions and ensure that all endpoints are updated promptly.
  3. Remove or upgrade any systems on the 2022 branch before its October 2025 End of Life to avoid unpatched vulnerabilities.
  4. Educate users about the danger of interacting with unsolicited links or files, reinforcing phishing awareness and safe computing practices.
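
One way to script the audit in step 2, as an added example (not Ivanti tooling and not code from the original article): it parses version labels written the way this article writes them and flags hosts below the fixed levels or still on the 2022 branch after its End of Life. The inventory lines and host names are constructed, and treating service updates newer than the fixed ones as patched is an assumption.

```python
import re
from datetime import date

# Fixed levels named in the article: branch -> (service update, security update).
FIXED = {2024: (3, 1), 2022: (8, 2)}
# The article gives end of October 2025 as End of Life for the 2022 branch.
EOL = {2022: date(2025, 10, 31)}

# Matches labels such as "2022 SU8 Security Update 1" or "2024 SU3".
LABEL = re.compile(r"(\d{4})\s+SU(\d+)(?:\s+Security Update\s+(\d+))?\s*$", re.I)

# Constructed sample inventory: "host,version label" (hypothetical host names).
INVENTORY = """
epm-core-01,Ivanti Endpoint Manager 2024 SU3
epm-core-02,Ivanti Endpoint Manager 2024 SU3 Security Update 1
epm-dr-01,Ivanti Endpoint Manager 2022 SU8 Security Update 1
epm-lab-01,Ivanti Endpoint Manager 2022 SU8 Security Update 2
epm-old-01,EPM build unknown
"""

def classify(label, today):
    """Return VULNERABLE, PATCHED, PATCHED_EOL or UNKNOWN for one version label."""
    m = LABEL.search(label.strip())
    if not m or int(m.group(1)) not in FIXED:
        return "UNKNOWN"  # unparseable labels need manual review, never a pass
    branch, su, secupd = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    # Assumption: anything at or above the fixed (SU, Security Update) pair is patched.
    if (su, secupd) < FIXED[branch]:
        return "VULNERABLE"
    if branch in EOL and today > EOL[branch]:
        return "PATCHED_EOL"  # patched for these CVEs, but no further fixes
    return "PATCHED"

def audit(inventory, today):
    """Classify every 'host,label' line and return (host, status) pairs."""
    rows = []
    for line in inventory.strip().splitlines():
        host, _, label = line.partition(",")
        rows.append((host.strip(), classify(label, today)))
    return rows

if __name__ == "__main__":
    for host, status in audit(INVENTORY, date.today()):
        print(f"{host:12} {status}")
```

Hosts reported as UNKNOWN should be checked by hand rather than assumed current.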

By proactively installing these updates and retiring unsupported branches, organizations can substantially reduce the risk of remote code execution attacks against their Endpoint Manager infrastructure.

The post Ivanti Endpoint Manager Vulnerabilities Allow Remote Code Execution Attacks appeared first on Cyber Security News.
