- 227/2025
- High
Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, gain elevated privileges, manipulate data, obtain sensitive information, or execute arbitrary code, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Ivanti Endpoint Manager Path Traversal Vulnerability (CVE-2025-9713):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
2. Security Advisory Endpoint Manager Mobile (EPMM) Command Injection Vulnerability (CVE-2025-10242):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
The Affected Products:
- Ivanti Endpoint Manager Mobile (EPMM) versions 12.6.0.1, 12.5.0.2, 12.4.0.3 and all prior.
- Ivanti Neurons for MDM R118 and prior.
- Ivanti Endpoint Manager versions 2022 SU8 SR2 and prior.
- Ivanti Endpoint Manager versions 2024 SU3 SR1 and prior.
Vulnerabilities
- CVE-2025-10242
- CVE-2025-10243
- CVE-2025-10985
- CVE-2025-10986
- CVE-2025-11622
- CVE-2025-9713
- CVE-2025-11623
- CVE-2025-62392
- CVE-2025-62385
- CVE-2025-62386
- CVE-2025-62390
- CVE-2025-62389
- CVE-2025-62391
- CVE-2025-62384
- CVE-2025-62388
- CVE-2025-62387
- CVE-2025-62383
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.