Ivanti
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Ivanti product.
RSS Feeds for Ivanti security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Ivanti products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Ivanti Sorted by Most Security Vulnerabilities since 2018
Known Exploited Ivanti Vulnerabilities
The following Ivanti vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability |
Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library. CVE-2025-4427 Exploit Probability: 91.8% |
May 19, 2025 |
| Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability |
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library. CVE-2025-4428 Exploit Probability: 45.4% |
May 19, 2025 |
| Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability |
Ivanti Connect Secure, Policy Secure and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. CVE-2025-22457 Exploit Probability: 76.9% |
April 4, 2025 |
| Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability |
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. CVE-2024-13159 Exploit Probability: 93.9% |
March 10, 2025 |
| Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability |
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. CVE-2024-13160 Exploit Probability: 92.0% |
March 10, 2025 |
| Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability |
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. CVE-2024-13161 Exploit Probability: 89.7% |
March 10, 2025 |
| Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability |
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. CVE-2025-0282 Exploit Probability: 94.1% |
January 8, 2025 |
| Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability |
Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements. CVE-2024-9379 Exploit Probability: 81.7% |
October 9, 2024 |
| Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability |
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. CVE-2024-9380 Exploit Probability: 87.4% |
October 9, 2024 |
| Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability |
Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code. CVE-2024-29824 Exploit Probability: 94.1% |
October 2, 2024 |
| Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability |
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account. CVE-2024-7593 Exploit Probability: 94.4% |
September 24, 2024 |
| Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability |
Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance. CVE-2024-8963 Exploit Probability: 94.2% |
September 19, 2024 |
| Ivanti Cloud Services Appliance OS Command Injection Vulnerability |
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. CVE-2024-8190 Exploit Probability: 91.6% |
September 13, 2024 |
| Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability |
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody). CVE-2021-44529 Exploit Probability: 94.5% |
March 25, 2024 |
| Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability |
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication. CVE-2024-21893 Exploit Probability: 94.3% |
January 31, 2024 |
| Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability |
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application. CVE-2023-35082 Exploit Probability: 94.4% |
January 18, 2024 |
| Ivanti Connect Secure and Policy Secure Command Injection Vulnerability |
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue. CVE-2024-21887 Exploit Probability: 94.4% |
January 10, 2024 |
| Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability |
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability. CVE-2023-46805 Exploit Probability: 94.3% |
January 10, 2024 |
| Ivanti Sentry Authentication Bypass Vulnerability |
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. CVE-2023-38035 Exploit Probability: 94.4% |
August 22, 2023 |
| Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability |
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078, bypassing administrator authentication and ACLs restrictions (if applicable). CVE-2023-35081 Exploit Probability: 92.4% |
July 31, 2023 |
Of the known exploited vulnerabilities above, 18 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 2 known exploited Ivanti vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Ivanti Vulnerabilities
Based on the current exploit probability, these Ivanti vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2023-35078 | 94.5% | Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability |
| 2 | CVE-2021-44529 | 94.5% | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability |
| 3 | CVE-2023-38035 | 94.4% | Ivanti Sentry Authentication Bypass Vulnerability |
| 4 | CVE-2024-7593 | 94.4% | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability |
| 5 | CVE-2023-35082 | 94.4% | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability |
| 6 | CVE-2024-21887 | 94.4% | Ivanti Connect Secure and Policy Secure Command Injection Vulnerability |
| 7 | CVE-2020-15505 | 94.4% | MobileIron Core, Connector, Sentry, and RDM Remote Code Execution Vulnerability |
| 8 | CVE-2023-46805 | 94.3% | Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability |
| 9 | CVE-2024-21893 | 94.3% | Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability |
| 10 | CVE-2024-8963 | 94.2% | Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability |
By the Year
In 2025 there have been 85 vulnerabilities in Ivanti with an average score of 6.9 out of ten. Last year, in 2024 Ivanti had 177 security vulnerabilities published. Right now, Ivanti is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.86
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 85 | 6.86 |
| 2024 | 177 | 7.72 |
| 2023 | 60 | 8.61 |
| 2022 | 14 | 7.11 |
| 2021 | 27 | 8.20 |
| 2020 | 27 | 6.77 |
| 2019 | 28 | 7.59 |
| 2018 | 9 | 7.40 |
It may take a day or so for new Ivanti vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ivanti Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-10918 | Nov 11, 2025 |
Ivanti Endpoint Manager Agent Perms Flaw Allows Arbitrary File WriteInsecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk |
Endpoint Manager
|
| CVE-2025-10986 | Oct 14, 2025 |
Path Traversal: Ivanti EPMM <12.6.0.2 Admin Path Write VulnerabilityPath traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations on disk. |
Endpoint Manager Mobile
|
| CVE-2025-10985 | Oct 14, 2025 |
OS Command Injection in Ivanti EPMM <=12.6.0.2 Admin PanelOS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
Endpoint Manager Mobile
|
| CVE-2025-10243 | Oct 14, 2025 |
Ivanti EPMM OS Command Injection (Admin Panel) <12.6.0.2,12.5.0.4,12.4.0.4OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
Endpoint Manager Mobile
|
| CVE-2025-10242 | Oct 14, 2025 |
Remote CMD Injection in Ivanti EPMM Admin (12.6.0.2)OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
Endpoint Manager Mobile
|
| CVE-2025-62384 | Oct 13, 2025 |
SQLi in Ivanti Endpoint Manager Remote Auth Data LeakSQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
Endpoint Manager
|
| CVE-2025-62386 | Oct 13, 2025 |
SQL Injection in Ivanti Endpoint Manager allows data exfiltrationSQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
Endpoint Manager
|
| CVE-2025-62383 | Oct 13, 2025 |
SQLi in Ivanti Endpoint Manager Enables Data ExfiltrationSQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
Endpoint Manager
|
| CVE-2025-62391 | Oct 13, 2025 |
SQLi in IVANTI Endpoint Manager allows remote auth attacker read DBSQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
Endpoint Manager
|
| CVE-2025-62385 | Oct 13, 2025 |
Remote Authenticated SQL Injection in Ivanti Endpoint ManagerSQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
Endpoint Manager
|
| CVE-2025-62387 | Oct 13, 2025 |
SQLi in Ivanti Endpoint Manager Allows Authenticated Data ReadSQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
Endpoint Manager
|
| CVE-2025-62388 | Oct 13, 2025 |
SQLi in Ivanti Endpoint Manager allows remote authenticated data readSQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
Endpoint Manager
|
| CVE-2025-62389 | Oct 13, 2025 |
Ivanti Endpoint Manager SQLi: Remote Auth Att Read DB DataSQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
Endpoint Manager
|
| CVE-2025-62390 | Oct 13, 2025 |
CVE-2025-62390: SQLi in Ivanti Endpoint Manager reading DB dataSQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
Endpoint Manager
|
| CVE-2025-62392 | Oct 13, 2025 |
SQL injection in Ivanti Endpoint Manager allows remote authenticated data exfiltrationSQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
Endpoint Manager
|
| CVE-2025-11623 | Oct 13, 2025 |
SQLi in Ivanti Endpoint Manager Web UI allows Authenticated Data ReadSQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
Endpoint Manager
|
| CVE-2025-9713 | Oct 13, 2025 |
CVE-2025-9713: Path Traversal/Remote Code Execution in Ivanti Endpoint ManagerPath traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. |
Endpoint Manager
|
| CVE-2025-11622 | Oct 13, 2025 |
Ivanti Endpoint Manager Insecure Deserialization Enables Local Auth EscalationInsecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges. |
Endpoint Manager
|
| CVE-2025-8297 | Aug 12, 2025 |
IVANTI AVALANCHE RCE via Incomplete Config Restriction before v6.4.8.8008Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution |
Avalanche
|
| CVE-2025-8296 | Aug 12, 2025 |
SQL Injection RCE in Ivanti Avalanche v<6.4.8.8008SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution |
Avalanche
|
| CVE-2025-5468 | Aug 12, 2025 |
CVE-2025-5468 Local Auth File Read via Symlink in Ivanti Connect Secure <=22.8Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk. |
Connect Secure
|
| CVE-2025-5456 | Aug 12, 2025 |
Ivanti Connect Secure & Policy Secure Buffer Over-Read DoS (CVE-2025-5456)A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125 |
Connect Secure
|
| CVE-2025-5462 | Aug 12, 2025 |
Ivanti Connect Secure DoS via Heap Buffer Overflow before 22.8R2A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. |
Connect Secure
|
| CVE-2025-5466 | Aug 12, 2025 |
XEE-induced DoS in Ivanti Connect Secure pre-22.7R2.8 & related productsXEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service |
Connect Secure
|
| CVE-2023-38036 | Jul 12, 2025 |
Ivanti Avalanche Manager <6.4.1 Buffer Overflow Causing ExploitsA security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution. |
Avalanche
|
| CVE-2024-38648 | Jul 12, 2025 |
Ivanti DSM Hardcoded Secret <2024.2 Enables Credential DecryptionA hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials. |
Desktop Server Management
|
| CVE-2023-39339 | Jul 12, 2025 |
Ivanti Policy Secure <22.6R1 - Auth Admin File ReadA vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request. |
Policy Secure
|
| CVE-2025-6771 | Jul 08, 2025 |
OS Command Injection CVE-2025-6771 in Ivanti EPMM <12.5.0.2 (12.4.0.3,12.3.0.3)OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution |
Endpoint Manager Mobile
|
| CVE-2025-0293 | Jul 08, 2025 |
CVE-2025-0293 CLRF Injection in Ivanti Connect Secure <22.7R2.8 writes configCLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk. |
Connect Secure
Policy Secure |
| CVE-2025-5464 | Jul 08, 2025 |
Ivanti Connect Secure <22.7R2.8: Local Auth Can Log Sensitive InfoInsertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information. |
Connect Secure
|
| CVE-2025-0292 | Jul 08, 2025 |
SSRF in Ivanti Connect Secure <22.7R2.8 / Ivanti Policy Secure <22.7R1.5SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services. |
Connect Secure
Policy Secure |
| CVE-2025-6995 | Jul 08, 2025 |
Ivanti Endpoint Manager Agent Improper Encryption Decrypts User PasswordsImproper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users passwords. |
Endpoint Manager
|
| CVE-2025-6770 | Jul 08, 2025 |
CVE-2025-6770: OS Command Injection in Ivanti EPMM <12.5.0.2OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution |
Endpoint Manager Mobile
|
| CVE-2025-5450 | Jul 08, 2025 |
Improper ATC in Ivanti Connect Secure (<22.7R2.8) & Policy Secure (<22.7R1.5)Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted. |
Connect Secure
Policy Secure |
| CVE-2025-5451 | Jul 08, 2025 |
Stack Overflow in Ivanti Connect Secure<22.7R2.8 & Policy Secure<22.7R1.5, Admin DoSA stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service. |
Connect Secure
Policy Secure |
| CVE-2025-5463 | Jul 08, 2025 |
Sensitive info in logs in Ivanti Connect Secure <22.7R2.8 (CVE-2025-5463)Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information. |
Connect Secure
Policy Secure |
| CVE-2025-6996 | Jul 08, 2025 |
Ivanti Endpoint Manager Agent Improper Encryption Decrypts PasswordsImproper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users passwords. |
Endpoint Manager
|
| CVE-2025-7037 | Jul 08, 2025 |
Remote Auth SQLi in Ivanti Endpoint Manager <2024 SU3SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database |
Endpoint Manager
|
| CVE-2025-22455 | Jun 10, 2025 |
Ivanti Workspace Control <10.19: Hardcoded Key Decrypts SQL creds LocallyA hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
Workspace Control
|
| CVE-2025-22463 | Jun 10, 2025 |
Local Auth Decrypt via Hardcoded Key in Ivanti Workspace Control <10.19.10.0A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. |
Workspace Control
|
| CVE-2025-5353 | Jun 10, 2025 |
Ivanti Workspace Control <10.19.10.0 Hardcoded Key Decrypts SQL CredentialsA hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
Workspace Control
|
| CVE-2025-22462 | May 13, 2025 |
Ivanti Neurons ITSM Auth Bypass pre 2023.4/2024.2/3 – Remote Admin AccessAn authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system. |
Neurons For Itsm
|
| CVE-2025-4428 | May 13, 2025 |
RCE in API of Ivanti Endpoint Manager Mobile <=12.5 via Authenticated API CallsRemote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. |
Endpoint Manager Mobile
|
| CVE-2025-4427 | May 13, 2025 |
API Auth Bypass in Ivanti Endpoint Manager Mobile <12.5.0.0An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. |
Endpoint Manager Mobile
|
| CVE-2025-22460 | May 13, 2025 |
Default Creds in Ivanti Cloud Services App <5.0.5 – Local Auth EscalationDefault credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. |
Cloud Services Appliance
|
| CVE-2025-22464 | Apr 08, 2025 |
Ivanti Endpoint Manager: Local Pointer Dereference DoS (CVE-2025-22464)An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition. |
Endpoint Manager
|
| CVE-2025-22466 | Apr 08, 2025 |
Reflected XSS in Ivanti Endpoint Mgr Enables Unauth Admin PrivsReflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. |
Endpoint Manager
|
| CVE-2025-22461 | Apr 08, 2025 |
SQL Injection in Ivanti Endpoint Manager allows remote code executionSQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution. |
Endpoint Manager
|
| CVE-2025-22459 | Apr 08, 2025 |
CVE-2025-22459: Improper Cert Validation in Ivanti Endpoint ManagerImproper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers. |
Endpoint Manager
|
| CVE-2025-22458 | Apr 08, 2025 |
DLL Hijacking in Ivanti Endpoint Manager Enables Authenticated System EscalationDLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System. |
Endpoint Manager
|