Reflected XSS Vulnerability in Ivanti Endpoint Manager Products
CVE-2025-22466

8.2HIGH

Key Information:

Vendor: Ivanti
Status: Endpoint Manager
Vendor: CVE Published:; 8 April 2025

Summary

A reflected XSS vulnerability exists in Ivanti Endpoint Manager prior to version 2024 SU1 and version 2022 SU7. This flaw allows remote unauthenticated attackers to potentially gain admin privileges; however, user interaction is required to exploit this vulnerability. For optimal security, it is advised to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Endpoint Manager 2024 SU1

Endpoint Manager 2022 SU7

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Jan 7, 2025