Reflected XSS Vulnerability in Ivanti Endpoint Manager Products
CVE-2025-22466

9.6CRITICAL

Key Information:

Vendor: Ivanti
Status: Endpoint Manager
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-22466?

A reflected XSS vulnerability exists in Ivanti Endpoint Manager prior to version 2024 SU1 and version 2022 SU7. This flaw allows remote unauthenticated attackers to potentially gain admin privileges; however, user interaction is required to exploit this vulnerability. For optimal security, it is advised to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Endpoint Manager 2024 SU1

Endpoint Manager 2022 SU7

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM...

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Jan 7, 2025