Admin security vulnerability threatens Ivanti Endpoint Manager
Several vulnerabilities jeopardize systems with Ivanti Endpoint Manager. Security patches are available for download.
Ivanti Endpoint Manager is vulnerable. Attackers can exploit a total of six vulnerabilities that have now been closed. According to the developers, there are currently no indications of attacks.
Man-in-the-middle attack possible
According to a security advisory, a reflected XSS vulnerability (CVE-2025-22466 “high”) is the most dangerous. According to the brief description, a remote attacker can gain admin rights without authentication. However, this requires a victim to play along. It is not yet clear how this could work in detail.
An already authenticated attacker can gain system rights through a crafted DLL (CVE-2025-22358 “high”). An SQL vulnerability (CVE-2025-22461 “high”) allows attackers who already have admin rights to execute malicious code.
The remaining vulnerabilities are classified as “medium” threat level. In these cases, an attacker can, for example, gain access to connections because of inadequate certificate verification.
The developers state that they have closed the vulnerabilities in Ivanti Endpoint Manager versions 2022 SU7 and 2024 SU1.
(des)