- 12/2025
- Critical
Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products.
The addressed vulnerabilities could allow the attacker to escalate elevated privileges, perform denial of service attacks, bypass security restrictions, obtain sensitive information, or execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Ivanti EPM Path Traversal Vulnerability (CVE-2024-10811):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
2. Ivanti EPM Privilege Escalation Vulnerability (CVE-2024-13164):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Privilege Escalation
The affected products:
- Ivanti Endpoint Manager (EPM).
- Ivanti Application Control.
- Ivanti Avalanche.
- Ivanti Security Controls.
- Ivanti Neurons for App Control.
Vulnerabilities
- CVE-2024-10811
- CVE-2024-13161
- CVE-2024-13170
- CVE-2024-13169
- CVE-2024-13163
- CVE-2024-13162
- CVE-2024-13160
- CVE-2024-13159
- CVE-2024-13158
- CVE-2024-13172
- CVE-2024-13171
- CVE-2024-13168
- CVE-2024-13167
- CVE-2024-13166
- CVE-2024-13165
- CVE-2024-13164
- CVE-2024-10630
- CVE-2024-13179
- CVE-2024-13180
- CVE-2024-13181
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.