Ivanti, a prominent enterprise software provider, has issued an urgent security advisory today addressing multiple vulnerabilities in its Endpoint Manager (EPM) products.
The updates for EPM 2024 SU1 and EPM 2022 SU7 resolve six critical and medium-severity flaws that could allow attackers to gain remote access, escalate privileges, or disrupt systems. While no exploitation has been reported, Ivanti is calling on customers to apply the patches immediately.
The vulnerabilities, assigned CVE numbers ranging from CVE-2025-22458 to CVE-2025-22466, carry CVSS scores between 4.8 (Medium) and 8.2 (High). The most severe include:
Other issues involve a denial-of-service risk (CVE-2025-22464), another XSS vulnerability (CVE-2025-22465), and improper certificate validation (CVE-2025-22459) that could expose limited traffic to interception.
Ivanti emphasized that it has no evidence of these vulnerabilities being exploited as of the disclosure date.
The issues were uncovered through its responsible disclosure program, with credit given to Paul Serban of Eviden’s SEC Consult Vulnerability Lab (CVE-2025-22458) and Kevin Salapatek of Trend Micro (CVE-2025-22461).
“We’re not aware of any customers being targeted prior to this announcement,” Ivanti said.
However, the company cautioned that the absence of known exploits doesn’t diminish the need for swift action.
The flaws affect Ivanti EPM 2022 SU6 and earlier, as well as EPM 2024. Ivanti has released fixes in:
Both updates are available for download via the Ivanti Licensing Portal (login required). Customers using older versions are urged to upgrade promptly to mitigate risks.
Ivanti recommends the following steps:
The company reiterated its dedication to security, stating, “We value the contributions of security researchers and the broader community in keeping our customers safe.” More information on its vulnerability disclosure process is available online.
With potential threats ranging from remote code execution to full system compromise, these vulnerabilities underscore the importance of timely patch management. Organizations relying on Ivanti EPM should prioritize these updates to safeguard their environments.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…