CVE-2025-22459

Summary

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.

Affected Software

VendorProductVersion RangeStatus
IvantiEndpoint Manager2024 SU1unaffected
IvantiEndpoint Manager2022 SU7unaffected

Weaknesses

  • CWE-296: CWE-296: Improper Following of a Certificate's Chain of Trust

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References