Ivanti Patches 13 Critical Vulnerabilities in Endpoint Manager Enabling Remote Code Execution

Ivanti has revealed a batch of thirteen security flaws in its Endpoint Manager (EPM) product line, spanning insecure deserialization, path traversal, and a series of SQL injection weaknesses.

Although there are no reports of active exploitation in the wild, two issues have been classified as high severity, and the remaining eleven as medium.

Ivanti is urging all customers to transition from the now end-of-life EPM 2022 to EPM 2024 and apply interim mitigations until full patches arrive.

Assessing the Vulnerabilities

The most critical of the disclosed flaws is CVE-2025-11622, an insecure deserialization vulnerability in EPM 2024 SU3 SR1 and prior that permits a local authenticated user to escalate privileges on the EPM Core server (CVSS 7.8, CWE-502).

The second high-severity issue, CVE-2025-9713, is a path traversal bug that an unauthenticated attacker can exploit for remote code execution, albeit only if a user imports a malicious configuration file into the console UI (CVSS 8.8, CWE-22).

The remaining eleven vulnerabilities are SQL injection flaws scattered across EPM reporting components; remote authenticated users can leverage these to retrieve arbitrary database records (CVSS 6.5, CWE-89).

All fourteen vulnerabilities were responsibly reported by researcher 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044 in collaboration with Trend Micro’s Zero Day Initiative.

| CVE | Description | CVSS (Severity) | CWE |
|---|---|---|---|
| CVE-2025-11622 | Insecure deserialization allows local privilege escalation | 7.8 (High) | CWE-502 |
| CVE-2025-9713 | Path traversal allows RCE; UI required; unauthenticated | 8.8 (High) | CWE-22 |
| CVE-2025-11623 | SQL injection allows data read (authenticated) | 6.5 (Medium) | CWE-89 |
| CVE-2025-62392 | SQL injection allows data read (authenticated) | 6.5 (Medium) | CWE-89 |
| CVE-2025-62390 | SQL injection allows data read (authenticated) | 6.5 (Medium) | CWE-89 |
| CVE-2025-62389 | SQL injection allows data read (authenticated) | 6.5 (Medium) | CWE-89 |
| CVE-2025-62388 | SQL injection allows data read (authenticated) | 6.5 (Medium) | CWE-89 |
| CVE-2025-62387 | SQL injection allows data read (authenticated) | 6.5 (Medium) | CWE-89 |
| CVE-2025-62385 | SQL injection allows data read (authenticated) | 6.5 (Medium) | CWE-89 |
| CVE-2025-62391 | SQL injection allows data read (authenticated) | 6.5 (Medium) | CWE-89 |
| CVE-2025-62383 | SQL injection allows data read (authenticated) | 6.5 (Medium) | CWE-89 |
| CVE-2025-62386 | SQL injection allows data read (authenticated) | 6.5 (Medium) | CWE-89 |
| CVE-2025-62384 | SQL injection allows data read (authenticated) | 6.5 (Medium) | CWE-89 |

While full patches are slated for EPM 2024 SU4 on November 12, 2025 (addressing insecure deserialization and path traversal) and SU5 in Q1 2026 (covering SQL injection), Ivanti recommends several interim measures.

To reduce risk from CVE-2025-11622, customers on SU3 SR1 should maintain their upgrade path to SU4 and, if unable to upgrade immediately, restrict RDP and high-range TCP port access via a robust firewall.

Administrative privileges should be limited strictly to local EPM operators.

For CVE-2025-9713, organizations must avoid importing any configuration files from untrusted sources; if unavoidable, each file’s contents must undergo thorough manual review.

To mitigate the SQL injection series, administrators can disable the Reporting database user altogether, recognizing that reporting functionality will be suspended until patches are applied.

Ivanti EPM 2022 reached its end of life in October 2025.

Customers are strongly encouraged to migrate to EPM 2024, which incorporates key security improvements and hardening features that reduce exposure to these and future vulnerabilities.

Upgrade planning should factor in the staged release of SU4 and SU5, aligning testing windows and rollback procedures accordingly.

Network segmentation, least-privilege access controls, input validation policies, and regular security audits will further diminish the attack surface during the interim period.

By combining prompt updates with proactive defense-in-depth strategies, organizations can maintain operational stability while safeguarding against potential exploitation.


The post Ivanti Patches 13 Critical Vulnerabilities in Endpoint Manager Enabling Remote Code Execution appeared first on Cyber Security News.

