Remote Code Execution Vulnerability in Ivanti Endpoint Manager
CVE-2025-9712
8.8HIGH
What is CVE-2025-9712?
A vulnerability in Ivanti Endpoint Manager due to insufficient filename validation allows remote, unauthenticated attackers to execute arbitrary code. This risk requires user interaction, making it crucial to update to the latest security patches to mitigate potential threats.
Affected Version(s)
Endpoint Manager 2024 SU3 Security Release 1
Endpoint Manager 2024 SU3 Security Release 1
Endpoint Manager 2022 SU8 Security Release 2
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved