PT-2025-50088 · Ivanti · Ivanti Endpoint Manager
Published
2025-12-09
·
Updated
2026-01-22
·
CVE-2025-13662
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ivanti Endpoint Manager versions prior to 2024 SU4 SR1
Description
A flaw exists in the patch management component of Ivanti Endpoint Manager that involves improper verification of cryptographic signatures. This allows a remote, unauthenticated attacker to execute arbitrary code. User interaction is required for exploitation.
Recommendations
Update Ivanti Endpoint Manager to version 2024 SU4 SR1 or later.
Fix
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Endpoint Manager