SQL Injection Vulnerability in Ivanti Endpoint Manager
CVE-2025-62387
6.5MEDIUM
What is CVE-2025-62387?
A SQL injection vulnerability exists in Ivanti Endpoint Manager, enabling remote authenticated attackers to execute unauthorized database queries. By exploiting this weakness, attackers can potentially read sensitive data stored in the database, leading to serious security concerns for affected organizations. Regular updates and rigorous security practices are essential to mitigate the risks associated with this vulnerability.
Affected Version(s)
Endpoint Manager 2024 SU3 SR1
Endpoint Manager 2024 SU3 SR1
Endpoint Manager 2022 SU8 SR2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved