Improper Certificate Validation in Ivanti Endpoint Manager Products
CVE-2025-22459

4.8MEDIUM

Key Information:

Vendor: Ivanti
Status: Endpoint Manager
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-22459?

A security issue has been identified in Ivanti Endpoint Manager which relates to improper certificate validation. This weakness permits a remote, unauthenticated attacker to potentially intercept and manipulate limited traffic between clients and servers, exposing sensitive data and compromising network integrity. This vulnerability impacts specific versions of the product, making it essential for organizations to evaluate and upgrade to secure versions.

Affected Version(s)

Endpoint Manager 2024 SU1

Endpoint Manager 2022 SU7

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Jan 7, 2025