Ivanti Addresses 13 Critical Vulnerabilities in Endpoint Manager to Prevent Remote Code Execution

Ivanti, a prominent provider of IT asset and endpoint management solutions, has recently disclosed 13 vulnerabilities within its Endpoint Manager (EPM) software. Among these, two high-severity flaws stand out due to their potential to enable remote code execution and privilege escalation. The company is urging its customers to implement recommended mitigations promptly, as patches are currently under development.

Overview of the Vulnerabilities

The identified vulnerabilities encompass a range of issues, including path traversal, insecure deserialization, and multiple SQL injection flaws. These security gaps could be exploited by attackers to gain unauthorized access, execute arbitrary code, or escalate privileges within affected systems.

High-Severity Vulnerabilities

1. CVE-2025-9713: Path Traversal Leading to Remote Code Execution

– Description: This vulnerability is a path traversal issue that allows unauthenticated remote attackers to execute arbitrary code on the EPM Core server.

– Severity: High (CVSS Score: 8.8)

– Technical Details: The flaw arises from inadequate input validation during the importation of configuration files. By crafting malicious files, attackers can exploit this weakness to upload and execute harmful payloads on the server.

2. CVE-2025-11622: Insecure Deserialization Allowing Privilege Escalation

– Description: This vulnerability involves insecure deserialization that permits local authenticated users to escalate their privileges.

– Severity: High (CVSS Score: 7.8)

– Technical Details: The issue stems from improper handling of serialized data, enabling attackers to manipulate objects during deserialization. This manipulation can lead to unauthorized access to sensitive system resources.

Medium-Severity Vulnerabilities

The remaining 11 vulnerabilities are SQL injection flaws, each with a CVSS score of 6.5. These vulnerabilities allow remote authenticated attackers to read arbitrary data from the database without additional user interaction. The specific CVE identifiers for these flaws are:

– CVE-2025-11623

– CVE-2025-62392

– CVE-2025-62390

– CVE-2025-62389

– CVE-2025-62388

– CVE-2025-62387

– CVE-2025-62385

– CVE-2025-62391

– CVE-2025-62383

– CVE-2025-62386

– CVE-2025-62384

Mitigation Strategies

While official patches are being developed, Ivanti has provided interim mitigation measures to help organizations protect their systems:

– For CVE-2025-11622 (Insecure Deserialization):

  – Implement firewall rules to whitelist specific TCP ports, effectively blocking high-range ports that could be exploited.

  – Restrict access to the Core server, allowing only local EPM administrators to connect.

– For CVE-2025-9713 (Path Traversal):

  – Avoid importing configuration files from untrusted sources.

  – Thoroughly vet any necessary configuration files before importation to minimize risk.

– For SQL Injection Vulnerabilities:

  – Remove the Reporting database user to mitigate the risk of SQL injection attacks.

  – Be aware that this action will disable analytics features; assess the trade-off based on organizational needs.

Additionally, Ivanti recommends upgrading to EPM version 2024 SU3 SR1 or later, as these versions include enhanced security measures that reduce the viability of exploits targeting these vulnerabilities.
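Part of the vetting step recommended for CVE-2025-9713 can be automated. The following is an added example, not Ivanti's code and not part of the advisory: it checks path strings that a reviewer has extracted from a file awaiting import and lists the reasons any of them would leave a staging directory under Windows path rules. The EPM configuration file format is not described here, so the extraction step, the `C:\staging` directory and the sample values are assumptions.

```python
import ntpath
import re

STAGING = r"C:\staging"  # hypothetical directory the import is expected to stay within


def vet_path(candidate: str, base: str = STAGING) -> list:
    """Return the reasons to reject a path string found in a file awaiting import.

    An empty list means the path stays inside `base` under Windows path rules.
    """
    reasons = []
    # Conservative: any "%" is treated as possible encoding of separators or dots.
    if "\x00" in candidate or "%" in candidate:
        reasons.append("null byte or percent-encoding")
    drive, rest = ntpath.splitdrive(candidate)
    if drive:
        reasons.append("drive letter or UNC prefix")
    if rest.startswith(("\\", "/")):
        reasons.append("rooted path")
    parts = [p for p in re.split(r"[\\/]+", rest) if p]
    # Win32 trims trailing dots and spaces, so ".. " is treated like "..".
    if any(p.rstrip(" .") == "" and p.count(".") >= 2 for p in parts):
        reasons.append("parent-directory segment")
    if any(":" in p for p in parts):
        reasons.append("alternate data stream or stray colon")
    # Containment check on the normalized result, independent of the rules above.
    root = ntpath.normcase(ntpath.normpath(base))
    resolved = ntpath.normcase(ntpath.normpath(ntpath.join(base, candidate)))
    if resolved != root and not resolved.startswith(root + "\\"):
        reasons.append("resolves outside staging directory")
    return reasons


# Constructed sample values, not taken from any real EPM configuration file.
SAMPLES = [
    r"agents\policy.xml",
    r"..\..\outside\file.txt",
    r"sub/../../escape.txt",
    r"\\fileserver\share\x.cfg",
    r"notes.txt:hidden",
    r"..\staging_old\x.cfg",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} -> {vet_path(s) or 'ok'}")
```

The last sample shows why the containment test compares against the base plus a trailing separator: a sibling directory that shares the base name as a prefix would otherwise pass.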

Importance of Prompt Action

Ivanti’s proactive disclosure of these vulnerabilities underscores the critical importance of transparency in cybersecurity. By informing customers ahead of patch releases, Ivanti enables organizations to take immediate steps to mitigate potential threats. This approach is particularly vital given the increasing targeting of endpoint management tools by cyber attackers aiming for supply chain compromises.

Organizations are advised to conduct thorough audits of their EPM deployments, implement the recommended mitigations, and stay informed about the availability of official patches. Regularly consulting Ivanti’s Success Portal and other official channels will provide the latest guidance and support.

Conclusion

The disclosure of these 13 vulnerabilities in Ivanti’s Endpoint Manager highlights the ever-present need for vigilance in cybersecurity. By understanding the nature of these vulnerabilities and implementing the recommended mitigations, organizations can significantly reduce their risk exposure. As patches become available, prompt application will further strengthen defenses against potential exploits.