SQL Injection Vulnerability in Ivanti Endpoint Manager Affects Multiple Versions
CVE-2025-7037

7.2HIGH

Key Information:

Vendor: Ivanti
Status: Endpoint Manager
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-7037?

An SQL injection vulnerability exists in Ivanti Endpoint Manager that allows remote, authenticated attackers possessing admin privileges to read arbitrary data from the database. This issue arises in versions prior to 2024 SU3 and 2022 SU8 Security Update 1, emphasizing the need for timely updates to mitigate potential security breaches.

Affected Version(s)

Endpoint Manager 2024 SU3

Endpoint Manager 2022 SU8

References

https://forums.ivanti.com/s/article/Security-Advisory-Jul...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jul 2, 2025