Bundle - Security Advisory April 2025 for Ivanti EPM 2024 and EPM 2022 SU6

Security Advisory April 2025 for Ivanti EPM 2024 and EPM 2022 SU6

Created on 2025-05-13 08:52, updated on 2025-05-13 08:52, by Alexandre Dulaunoy

JSON

Description

Security Advisory Ivanti EPM 2022 SU6 and EPM 2024 (Multiple CVEs)

Summary

Ivanti has released updates for Ivanti Endpoint Manager which addresses medium and high vulnerabilities.

We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.

ding

CVE Number	Description	CVSS Score (Severity)	CVSS Vector	CWE
CVE-2025-22464	An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.	6.1 (Medium)	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H	CWE-822
CVE-2025-22465	Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Unlikely user interaction is required.	6.1 (Medium)	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	CWE-79
CVE-2025-22466	Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.	8.2 (High)	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N	CWE-79
CVE-2025-22458	DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.	7.8 (High)	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	CWE-427
CVE-2025-22459	Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.	4.8 (Medium)	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N	CWE-296
CVE-2025-22461	SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.	7.2 (High)	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	CWE-89

Ref: https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US

Vulnerabilities included in this bundle

Combined detection rules

Detection rules are retrieved from Rulezet.

Combined sightings

Author	Vulnerability	Source	Type	Date