PT-2025-28467 · Ivanti · Ivanti Endpoint Manager
Published
2025-07-08
·
Updated
2025-07-11
·
CVE-2025-6996
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Ivanti Endpoint Manager versions prior to 2024 SU3
Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 1
Description:
The issue is related to the improper use of encryption in the agent of Ivanti Endpoint Manager. This allows a local authenticated attacker to decrypt other users’ passwords.
Recommendations:
For versions prior to 2024 SU3, update to version 2024 SU3 or later.
For versions prior to 2022 SU8 Security Update 1, update to 2022 SU8 Security Update 1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Endpoint Manager