The flaws, if exploited, pose significant risks to enterprise environments by potentially allowing malicious code execution or data tampering.
The most recent issue, tracked as CVE-2025-10918, stems from insecure default permissions in the Endpoint Manager agent versions prior to 2024 SU4.
This vulnerability carries a CVSS score of 7.1 (High), with a vector of CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H, and aligns with CWE-276 for incorrect default permissions. Attackers with local authenticated access could leverage it to overwrite critical files, escalating privileges or disrupting operations.
Ivanti also patched two previously disclosed vulnerabilities from October 2025: CVE-2025-9713 and CVE-2025-11622. While specific details on these were not reiterated in the latest advisory, they contribute to the same arbitrary file write threat model.
Importantly, Ivanti reports no known customer exploitation of any of these issues at the time of disclosure, crediting its responsible disclosure program for early detection.
Affected systems include Ivanti Endpoint Manager 2024 SU3 SR1 and earlier versions. The fixes are available in the newly released 2024 SU4 update, downloadable via Ivanti’s License System portal for eligible customers.
Users on the older 2022 branch face a harder road: that version reached end-of-life at the end of October 2025, so no patches will be issued. Organizations must upgrade to 2024 SU4 to mitigate risks.

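For exposure triage, the version facts above can be applied to an inventory export. The following is an added example, not Ivanti's tooling or code from the advisory; it assumes versions are recorded with the release labels used in this article (for example "2024 SU3 SR1"), and the hostnames and sample labels are constructed.

```python
import re

# Assumption: versions are recorded with the release labels used in the article
# ("2024 SU3 SR1", "2024 SU4"), not with internal build numbers.
LABEL = re.compile(r"^\s*(\d{4})(?:\s+SU(\d+))?(?:\s+SR(\d+))?\s*$", re.IGNORECASE)
FIXED = (2024, 4, 0)   # 2024 SU4 carries the fixes
EOL_BRANCH = 2022      # end-of-life branch: no patches will be issued


def parse_label(label):
    """Return (year, su, sr), or None if the label is not in the expected form."""
    m = LABEL.match(label)
    if not m:
        return None
    year, su, sr = m.groups()
    return int(year), int(su or 0), int(sr or 0)


def triage(label):
    """Classify one release label against the version facts in the article."""
    v = parse_label(label)
    if v is None:
        return "unknown"
    if v[0] == EOL_BRANCH:
        return "eol-upgrade-required"
    if v[0] == FIXED[0]:
        return "fixed" if v >= FIXED else "vulnerable"
    return "unknown"  # branch not covered by the article


def summarize(inventory):
    """Group hosts by status; unparseable labels are surfaced, not dropped."""
    out = {}
    for host, label in inventory.items():
        out.setdefault(triage(label), []).append(host)
    return {status: sorted(hosts) for status, hosts in out.items()}


# Constructed sample inventory (hostnames and labels are illustrative).
SAMPLE = {
    "epm-core-01": "2024 SU4",
    "epm-core-02": "2024 SU3 SR1",
    "epm-lab-01": "2022 SU8",
    "epm-dr-01": "2024 su2",
    "epm-old-01": "build 11.0.6",
}

if __name__ == "__main__":
    for status, hosts in summarize(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts that land in `unknown` need manual review rather than being treated as safe.
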
| CVE Number | Description | CVSS Score (Severity) | Attack Requirements | Potential Impact |
|---|---|---|---|---|
| CVE-2025-10918 | Insecure default permissions in the agent allow a local authenticated attacker to write arbitrary files anywhere on disk. | 7.1 (High) | Local authenticated access. | File tampering, privilege escalation via overwrites. |
| CVE-2025-9713 | Path traversal allows a remote unauthenticated attacker to achieve remote code execution, enabling arbitrary file writes; user interaction required. | 8.8 (High) | Remote unauthenticated, user interaction (e.g., malicious file import). | RCE leading to full system compromise and file manipulation. |
| CVE-2025-11622 | Insecure deserialization allows a local authenticated attacker to escalate privileges, facilitating arbitrary file writes post-escalation. | 7.8 (High) | Local authenticated access. | Privilege escalation enabling broader file access and execution. |

Ivanti extends its thanks to security researcher Enrique Fernández Lorenzo, known as bighound, for responsibly reporting CVE-2025-10918. The company emphasizes its commitment to vulnerability disclosure, inviting ethical hackers to engage through its policy.
For those assessing exposure, Ivanti notes no public indicators of compromise exist yet, as exploitation remains undetected. Administrators should prioritize patching to safeguard endpoint management integrity. With cyber threats evolving rapidly, timely updates remain a cornerstone of defense in managed IT ecosystems.
The post Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Arbitrary Files to Disk appeared first on Cyber Security News.