Cyber Security News

Ivanti Released Security Update With The Fixes for Critical Endpoint Manager RCE Vulnerabilities

Ivanti, a prominent enterprise software provider, has issued an urgent security advisory today addressing multiple vulnerabilities in its Endpoint Manager (EPM) products.

The updates for EPM 2024 SU1 and EPM 2022 SU7 resolve six critical and medium-severity flaws that could allow attackers to gain remote access, escalate privileges, or disrupt systems. While no exploitation has been reported, Ivanti is calling on customers to apply the patches immediately.

The vulnerabilities, assigned CVE numbers ranging from CVE-2025-22458 to CVE-2025-22466, carry CVSS scores between 4.8 (Medium) and 8.2 (High). The most severe include:

  • CVE-2025-22466 (8.2, High): A reflected cross-site scripting (XSS) flaw that could let an unauthenticated remote attacker seize admin privileges, requiring user interaction.
  • CVE-2025-22458 (7.8, High): A DLL hijacking issue enabling an authenticated local attacker to escalate to SYSTEM-level access.
  • CVE-2025-22461 (7.2, High): An SQL injection vulnerability allowing a remote authenticated admin to execute arbitrary code.

Other issues involve a denial-of-service risk (CVE-2025-22464), another XSS vulnerability (CVE-2025-22465), and improper certificate validation (CVE-2025-22459) that could expose limited traffic to interception.

No Known Exploits Available

Ivanti emphasized that it has no evidence of these vulnerabilities being exploited as of the disclosure date.

The issues were uncovered through its responsible disclosure program, with credit given to Paul Serban of Eviden’s SEC Consult Vulnerability Lab (CVE-2025-22458) and Kevin Salapatek of Trend Micro (CVE-2025-22461).

“We’re not aware of any customers being targeted prior to this announcement,” Ivanti said.

However, the company cautioned that the absence of known exploits doesn’t diminish the need for swift action.

Affected Versions and Solutions

The flaws affect Ivanti EPM 2022 SU6 and earlier, as well as EPM 2024. Ivanti has released fixes in:

  • EPM 2022 SU7
  • EPM 2024 SU1

Both updates are available for download via the Ivanti Licensing Portal (login required). Customers using older versions are urged to upgrade promptly to mitigate risks.

How to Protect Your Systems

Ivanti recommends the following steps:

  1. Apply the Updates: Install EPM 2022 SU7 or 2024 SU1 immediately.
  2. Stay Alert: No specific indicators of compromise exist yet, but monitoring for unusual activity is advised.
  3. Get Support: Contact the Ivanti Success Portal for assistance if needed.

The company reiterated its dedication to security, stating, “We value the contributions of security researchers and the broader community in keeping our customers safe.” More information on its vulnerability disclosure process is available online.

With potential threats ranging from remote code execution to full system compromise, these vulnerabilities underscore the importance of timely patch management. Organizations relying on Ivanti EPM should prioritize these updates to safeguard their environments.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Also Read:

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

22 hours ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

22 hours ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

22 hours ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

22 hours ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

1 day ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

1 day ago