PT-2025-17626 · Ivanti · Ivanti Landesk Management Gateway
0Xbytehunter · Published 2025-04-23 · Updated 2025-04-23 · CVE-2025-43716
CVSS v3.1: 5.8 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Ivanti LANDesk Management Gateway versions 4.2-1.9
Description
A directory traversal issue exists, allowing an attacker to bypass access controls and gain unauthorized access to various endpoints within the management web panel by appending %3F.php to the URI of the /client/index.php endpoint. This could potentially expose sensitive device information.
Recommendations
For versions 4.2-1.9, consider restricting access to the /client/index.php endpoint until a fix is available. As a temporary workaround, avoid using the /client/index.php endpoint with appended parameters like %3F.php to minimize the risk of exploitation.
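A log check for the request shape described above, as an added example that is not part of the original advisory or of any Ivanti tooling. It assumes the gateway's web server writes Apache/nginx combined-format access logs; the function name, the extra %253F variant and the sample lines are constructed for illustration.

```python
import re

# Request shape from the advisory: /client/index.php with "%3F.php" appended.
# Assumption: the lowercase form (%3f) and one extra layer of encoding
# (%253F) are worth flagging as well.
BYPASS_RE = re.compile(r"/client/index\.php(?:%3f|%253f)\.php", re.IGNORECASE)

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_bypass_attempts(lines):
    """Return one dict per log line whose request target matches BYPASS_RE."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line
        if BYPASS_RE.search(m.group("target")):
            status = int(m.group("status"))
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "target": m.group("target"),
                "status": status,
                # 2xx: the server answered instead of rejecting; triage first.
                "served": 200 <= status < 300,
            })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Apr/2025:10:01:02 +0000] "GET /client/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [23/Apr/2025:10:02:11 +0000] "GET /client/index.php%3F.php HTTP/1.1" 200 2048 "-" "curl/8.0"',
    '203.0.113.5 - - [23/Apr/2025:10:03:40 +0000] "GET /client/index.php%3f.php HTTP/1.1" 403 199 "-" "curl/8.0"',
    '192.0.2.10 - - [23/Apr/2025:10:04:00 +0000] "GET /client/index.php?page=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    'malformed line without request fields',
]

if __name__ == "__main__":
    for hit in find_bypass_attempts(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["status"], hit["target"])
```

Hits with `served` set to true are the ones to review first, since the server returned content for the request.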
Affected Products
Ivanti Landesk Management Gateway