Stored XSS Vulnerability in Ivanti Endpoint Manager by Ivanti
CVE-2025-10573

9.6 CRITICAL

Key Information:

Vendor: Ivanti
CVE Published: 9 December 2025

Badges

📈 Score: 715 | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-10573?

CVE-2025-10573 is a stored cross-site scripting (XSS) vulnerability found in Ivanti Endpoint Manager, a solution designed to manage and secure endpoints within an organization's IT infrastructure. This vulnerability allows a remote attacker to execute arbitrary JavaScript code within the context of an administrator session. Since the vulnerability requires user interaction, it can be exploited by tricking an administrator into clicking a malicious link or viewing a modified webpage. If successfully exploited, this vulnerability can lead to significant security risks for organizations, including unauthorized access to sensitive data, manipulation of application functionality, and potential compromise of the affected systems.

Potential impact of CVE-2025-10573

  1. Unauthorized Access: The vulnerability allows attackers to run scripts in the context of an administrator session, which could lead to unauthorized access to configuration settings and sensitive information, posing a risk to organizational data integrity.

  2. Data Manipulation: An attacker could exploit this vulnerability to modify how applications operate, potentially leading to the manipulation of critical data within the endpoint management system, disrupting operational procedures.

  3. Increased Attack Surface: By exploiting this vulnerability, threat actors could deploy further attacks, potentially facilitating more severe breaches or the installation of malware, extending the organization's exposure to threats.

Affected Version(s)

Endpoint Manager 2024 SU4 SR1

News Articles

Ivanti Endpoint Manager Vulnerabilities: Update Now to Prevent RCE

Ivanti EPM has critical vulnerabilities, including a 9.6 CVSS XSS flaw. Update now to prevent remote code execution and session hijacking. Learn more.

17 hours ago

Ivanti Security Update: Patch for Code Execution Vulnerabilities in Endpoint Manager

Ivanti has officially released urgent security updates for its Endpoint Manager (EPM) solution to address four distinct security flaws.

2 days ago

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved
