Path Traversal Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2025-10986

4.7MEDIUM

Key Information:

Vendor: Ivanti
Status: Endpoint Manager Mobile
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-10986?

A path traversal vulnerability exists in the admin panel of Ivanti Endpoint Manager Mobile (EPMM) prior to specified versions. This flaw allows remote authenticated attackers with admin privileges to write data to unintended locations on the disk, potentially compromising system integrity and data confidentiality. It is crucial for administrators to upgrade to the patched versions to mitigate this risk.

Affected Version(s)

Endpoint Manager Mobile 12.6.0.2

Endpoint Manager Mobile 12.5.0.4

References

https://forums.ivanti.com/s/article/Security-Advisory-End...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Sep 25, 2025

JSON