CVE-2025-9712

Summary

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

Affected Software

VendorProductVersion RangeStatus
IvantiEndpoint Manager2024 SU3 Security Release 1unaffected
IvantiEndpoint Manager2022 SU8 Security Release 2unaffected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References