Thursday, May 8, 2025

CISA Added 3 Ivanti Endpoint Manager Bugs to Widely Exploited Vulnerabilities Catalog


The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with the addition of three high-risk security flaws affecting Ivanti Endpoint Manager (EPM).

These vulnerabilities, which involve absolute path traversal issues, have been observed being actively exploited in the wild, prompting federal agencies and organizations to implement remediation measures before the deadline.

Critical Path Traversal Vulnerabilities Expose Sensitive Information

The three newly cataloged vulnerabilities, CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161, share similar characteristics and impact vectors.


All three are classified as absolute path traversal vulnerabilities (CWE-36) that enable remote, unauthenticated attackers to access and exfiltrate sensitive information from affected systems.

These vulnerabilities represent significant security risks as they require no authentication, providing attackers with a straightforward vector to compromise organizational data.

Absolute path traversal vulnerabilities occur when an application fails to properly validate or sanitize user-supplied input that specifies a file path, so a caller can supply an absolute path (or a path containing `..` segments) that the application resolves outside its intended directory.

In this case, the flaws in Ivanti EPM allow attackers to reach files outside the intended directory boundaries, potentially exposing configuration files, credentials, or other sensitive information stored on the system.
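The defect class described above (CWE-36) in its most common coding form, as an added illustration that is not Ivanti's code: a naive path join that silently drops the document root when the request is absolute, beside a hardened resolver. The base directory and request names are constructed for the demo.

```python
"""Absolute path traversal (CWE-36): naive vs. hardened file-path resolution.
Added example, not code from Ivanti EPM; BASE_DIR is a constructed document root."""
from pathlib import Path
from typing import Optional

BASE_DIR = Path("/var/app/public")  # constructed example document root


def resolve_unsafe(base: Path, requested: str) -> Path:
    """The vulnerable pattern.  pathlib's '/' operator (like os.path.join)
    discards `base` entirely when `requested` is absolute, so a request for
    "/etc/passwd" resolves to exactly that file instead of something under base."""
    return base / requested


def resolve_safe(base: Path, requested: str) -> Optional[Path]:
    """Hardened version: refuse absolute input outright, then canonicalise the
    joined path and confirm it is still inside the root.  Returns None for any
    request that would escape (absolute paths, '..' climbs, symlink tricks)."""
    candidate = Path(requested)
    if candidate.is_absolute():
        return None
    # strict=False: the target need not exist yet for the containment check
    root = base.resolve(strict=False)
    target = (root / candidate).resolve(strict=False)
    if not target.is_relative_to(root):  # Python 3.9+
        return None
    return target


def escapes_root(requested: str, base: Path = BASE_DIR) -> bool:
    """True when the naive join would leave the root but the safe one refuses."""
    naive = resolve_unsafe(base, requested)
    return resolve_safe(base, requested) is None and not str(naive).startswith(str(base) + "/")
```

Note that the `..` case is caught only by the post-resolve containment check, not by the absolute-path test, so both checks are needed.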

Broader Context of Recent CISA Catalog Updates

The Ivanti EPM vulnerabilities were not the only additions to CISA’s KEV catalog in recent updates.

The agency also added other critical vulnerabilities, including two affecting Advantive VeraCore: a SQL injection vulnerability (CVE-2025-25181) and an unrestricted file upload vulnerability (CVE-2024-57968).

Earlier in March, vulnerabilities in VMware’s ESXi and Workstation products were also cataloged, highlighting the diverse range of enterprise systems currently facing exploitation.

Federal agencies governed by Binding Operational Directive (BOD) 22-01 are required to apply vendor-provided patches or implement appropriate mitigations for the Ivanti EPM vulnerabilities by March 31, 2025.

Private organizations are strongly encouraged to prioritize these vulnerabilities in their remediation workflows.

CISA’s guidance for all cataloged vulnerabilities follows a consistent pattern: “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable”.

For organizations unable to immediately patch, temporary isolation of affected systems may be necessary while remediation plans are developed.

Organizations should monitor for indicators of compromise related to these vulnerabilities while implementing patches.

The KEV catalog serves as an authoritative source for prioritizing vulnerability management efforts, helping security teams keep pace with evolving threat activity.

CISA maintains the catalog in multiple formats, including CSV and JSON, to facilitate integration with security tooling and automated workflows.
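One way to consume the JSON feed in an automated workflow, as an added example that is not CISA's or Ivanti's code: match catalog entries against a local product inventory and rank them by BOD 22-01 due date. The catalog record below is constructed in the feed's published field shape (`cveID`, `vendorProject`, `product`, `dueDate`, ...), using the CVE IDs and March 31, 2025 due date from the article; the `dateAdded` values and the VeraCore due date are placeholders.

```python
"""Triage a CISA KEV JSON feed against a product inventory.
Added example; KEV_JSON is a constructed sample in the feed's field layout,
not a download of the live catalog."""
import json
from datetime import date, timedelta

_IVANTI_CVES = ("CVE-2024-13159", "CVE-2024-13160", "CVE-2024-13161")
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": c, "vendorProject": "Ivanti", "product": "Endpoint Manager (EPM)",
         "vulnerabilityName": "Ivanti Endpoint Manager Absolute Path Traversal Vulnerability",
         "dateAdded": "2025-03-01",   # placeholder, not the real catalog date
         "dueDate": "2025-03-31",     # due date stated in the article
         "requiredAction": "Apply mitigations per vendor instructions."}
        for c in _IVANTI_CVES
    ] + [
        {"cveID": "CVE-2025-25181", "vendorProject": "Advantive", "product": "VeraCore",
         "vulnerabilityName": "Advantive VeraCore SQL Injection Vulnerability",
         "dateAdded": "2025-03-01", "dueDate": "2025-04-15",  # both placeholders
         "requiredAction": "Apply mitigations per vendor instructions."},
    ],
})


def triage(kev_json: str, inventory: dict, today: date, horizon_days: int = 14) -> list:
    """Return catalog entries whose vendor/product appears in `inventory`
    ({vendorProject: [product substrings]}) and whose due date is already past
    or falls within `horizon_days`, ordered most urgent first."""
    catalog = json.loads(kev_json)
    hits = []
    for v in catalog["vulnerabilities"]:
        wanted = inventory.get(v["vendorProject"], ())
        if not any(p.lower() in v["product"].lower() for p in wanted):
            continue  # not a product we run
        due = date.fromisoformat(v["dueDate"])
        if due - today <= timedelta(days=horizon_days):
            hits.append({"cve": v["cveID"], "product": v["product"],
                         "due": due.isoformat(), "overdue": due < today})
    hits.sort(key=lambda h: (h["due"], h["cve"]))
    return hits
```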

As exploitation techniques continue to evolve, organizations should subscribe to CISA’s KEV catalog updates to stay informed about newly discovered exploitation activity affecting their technology stack.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.
