PT-2025-36743 · Ivanti · Ivanti Endpoint Manager
Published 2025-09-09 · Updated 2025-10-14 · CVE-2025-9712
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Ivanti Endpoint Manager versions prior to 2024 SU3 Security Update 1
Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 2
Description
Insufficient filename validation in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required for exploitation. The issue involves the potential for dangerous file uploads due to inadequate filename validation.
Recommendations
Ivanti Endpoint Manager versions prior to 2024 SU3 Security Update 1 should be updated to 2024 SU3 Security Update 1 or later.
Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 2 should be updated to 2022 SU8 Security Update 2 or later.
Fix
RCE
Unrestricted File Upload
Affected Products
Ivanti Endpoint Manager