Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Endpoint Manager  Security Vulnerabilities
CVE-2025-13661
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.
CVSS Score
7.1
EPSS Score
0.004
Published
2025-12-09
CVE-2025-13662
Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-09
CVE-2025-13659
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-12-09
CVE-2025-10573
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
CVSS Score
9.6
EPSS Score
0.0
Published
2025-12-09
CVE-2025-10918
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk
CVSS Score
7.1
EPSS Score
0.0
Published
2025-11-11
CVE-2025-62388
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-13
CVE-2025-62389
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-13
CVE-2025-62390
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-13
CVE-2025-62391
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-13
CVE-2025-62392
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved