Cyber Security News

Ivanti Released Security Update With The Fixes for Critical Endpoint Manager RCE Vulnerabilities

Ivanti, a prominent enterprise software provider, has issued an urgent security advisory today addressing multiple vulnerabilities in its Endpoint Manager (EPM) products.

The updates for EPM 2024 SU1 and EPM 2022 SU7 resolve six critical and medium-severity flaws that could allow attackers to gain remote access, escalate privileges, or disrupt systems. While no exploitation has been reported, Ivanti is calling on customers to apply the patches immediately.

The vulnerabilities, assigned CVE numbers ranging from CVE-2025-22458 to CVE-2025-22466, carry CVSS scores between 4.8 (Medium) and 8.2 (High). The most severe include:

  • CVE-2025-22466 (8.2, High): A reflected cross-site scripting (XSS) flaw that could let an unauthenticated remote attacker seize admin privileges, requiring user interaction.
  • CVE-2025-22458 (7.8, High): A DLL hijacking issue enabling an authenticated local attacker to escalate to SYSTEM-level access.
  • CVE-2025-22461 (7.2, High): An SQL injection vulnerability allowing a remote authenticated admin to execute arbitrary code.

Other issues involve a denial-of-service risk (CVE-2025-22464), another XSS vulnerability (CVE-2025-22465), and improper certificate validation (CVE-2025-22459) that could expose limited traffic to interception.

No Known Exploits Available

Ivanti emphasized that it has no evidence of these vulnerabilities being exploited as of the disclosure date.

The issues were uncovered through its responsible disclosure program, with credit given to Paul Serban of Eviden’s SEC Consult Vulnerability Lab (CVE-2025-22458) and Kevin Salapatek of Trend Micro (CVE-2025-22461).

“We’re not aware of any customers being targeted prior to this announcement,” Ivanti said.

However, the company cautioned that the absence of known exploits doesn’t diminish the need for swift action.

Affected Versions and Solutions

The flaws affect Ivanti EPM 2022 SU6 and earlier, as well as EPM 2024. Ivanti has released fixes in:

  • EPM 2022 SU7
  • EPM 2024 SU1

Both updates are available for download via the Ivanti Licensing Portal (login required). Customers using older versions are urged to upgrade promptly to mitigate risks.

How to Protect Your Systems

Ivanti recommends the following steps:

  1. Apply the Updates: Install EPM 2022 SU7 or 2024 SU1 immediately.
  2. Stay Alert: No specific indicators of compromise exist yet, but monitoring for unusual activity is advised.
  3. Get Support: Contact the Ivanti Success Portal for assistance if needed.

The company reiterated its dedication to security, stating, “We value the contributions of security researchers and the broader community in keeping our customers safe.” More information on its vulnerability disclosure process is available online.

With potential threats ranging from remote code execution to full system compromise, these vulnerabilities underscore the importance of timely patch management. Organizations relying on Ivanti EPM should prioritize these updates to safeguard their environments.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Also Read:

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict

A federal jury in California has ordered Israeli spyware maker NSO Group to pay approximately…

49 minutes ago

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly…

15 hours ago

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search Service…

15 hours ago

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has…

15 hours ago

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800 compromised…

15 hours ago

Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji

Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI models…

16 hours ago