PT-2025-50087 · Ivanti · Ivanti Endpoint Manager

Published

2025-12-09

Updated

2026-01-05

CVE-2025-13661

CVSS v3.1

8.0

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU4 SR1

Description A path traversal issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can write arbitrary files to locations outside the intended directory. User interaction is required for exploitation.

Recommendations Update Ivanti Endpoint Manager to version 2024 SU4 SR1 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2025-13661

ZDI-25-1052

Affected Products

Ivanti Endpoint Manager

PT-2025-50087 · Ivanti · Ivanti Endpoint Manager

CVE-2025-13661

Weakness Enumeration

Related Identifiers

Affected Products

References · 7