Ivanti, a prominent enterprise software provider, has issued an urgent security advisory today addressing multiple vulnerabilities in its Endpoint Manager (EPM) products.
The updates for EPM 2024 SU1 and EPM 2022 SU7 resolve six critical and medium-severity flaws that could allow attackers to gain remote access, escalate privileges, or disrupt systems. While no exploitation has been reported, Ivanti is calling on customers to apply the patches immediately.
The vulnerabilities, assigned CVE numbers ranging from CVE-2025-22458 to CVE-2025-22466, carry CVSS scores between 4.8 (Medium) and 8.2 (High). The most severe include:
Other issues involve a denial-of-service risk (CVE-2025-22464), another XSS vulnerability (CVE-2025-22465), and improper certificate validation (CVE-2025-22459) that could expose limited traffic to interception.
Ivanti emphasized that it has no evidence of these vulnerabilities being exploited as of the disclosure date.
The issues were uncovered through its responsible disclosure program, with credit given to Paul Serban of Eviden’s SEC Consult Vulnerability Lab (CVE-2025-22458) and Kevin Salapatek of Trend Micro (CVE-2025-22461).
“We’re not aware of any customers being targeted prior to this announcement,” Ivanti said.
However, the company cautioned that the absence of known exploits doesn’t diminish the need for swift action.
The flaws affect Ivanti EPM 2022 SU6 and earlier, as well as EPM 2024. Ivanti has released fixes in:
Both updates are available for download via the Ivanti Licensing Portal (login required). Customers using older versions are urged to upgrade promptly to mitigate risks.
Ivanti recommends the following steps:
The company reiterated its dedication to security, stating, “We value the contributions of security researchers and the broader community in keeping our customers safe.” More information on its vulnerability disclosure process is available online.
With potential threats ranging from remote code execution to full system compromise, these vulnerabilities underscore the importance of timely patch management. Organizations relying on Ivanti EPM should prioritize these updates to safeguard their environments.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
A federal jury in California has ordered Israeli spyware maker NSO Group to pay approximately…
The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly…
As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search Service…
UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has…
Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800 compromised…
Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI models…