Reflected XSS Vulnerability in Ivanti Endpoint Manager Products
CVE-2025-22466
9.6CRITICAL
What is CVE-2025-22466?
A reflected XSS vulnerability exists in Ivanti Endpoint Manager prior to version 2024 SU1 and version 2022 SU7. This flaw allows remote unauthenticated attackers to potentially gain admin privileges; however, user interaction is required to exploit this vulnerability. For optimal security, it is advised to update to the latest version to mitigate risks associated with this vulnerability.
Affected Version(s)
Endpoint Manager 2024 SU1
Endpoint Manager 2024 SU1
Endpoint Manager 2022 SU7