CVE-2025-22458

Summary

DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.

Affected Software

VendorProductVersion RangeStatus
IvantiEndpoint Manager2024 SU1unaffected
IvantiEndpoint Manager2022 SU7unaffected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References