CVE-2025-10918

CVSS v3.1

7.1

High

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU4

Description A security issue exists in the agent component of Ivanti Endpoint Manager that allows a locally authenticated attacker to write arbitrary files to any location on the disk due to insecure default permissions. This can be used as a privilege escalation method.

Recommendations Update Ivanti Endpoint Manager to version 2024 SU4 or later.

Fix

LPE

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2025-10918

Affected Products

Ivanti Endpoint Manager

CVE-2025-10918

Weakness Enumeration

Related Identifiers

Affected Products

References · 7