- 266/2025
- Critical
Ivanti has released a security update to fix multiple vulnerabilities across Ivanti Endpoint Manager (EPM).
The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, manipulate data, or execute arbitrary code, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Ivanti Endpoint Manager Cross-Site Scripting Vulnerability (CVE-2025-10573):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Scripting
2. Ivanti Endpoint Manager Code Execution Vulnerability (CVE-2025-13659):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2025-10573
- CVE-2025-13659
- CVE-2025-13661
- CVE-2025-13662
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.