ivanti

500 tracked vulnerabilities.

CVE-2025-13661 HIGH
Ivanti Endpoint Manager < 2024 SU4 SR1 - Authenticated Path Traversal and Arbitrary File Write
Dec 09, 2025
CVSS 7.1
EPSS 0.01
CVE-2025-13659 HIGH
Ivanti Endpoint Manager < 2024 SU4 SR1 - Unauthenticated Arbitrary File Write and Remote Code Execution
Dec 09, 2025
CVSS 8.8
EPSS 0.02
CVE-2025-10573 CRITICAL
Ivanti Endpoint Manager < 2024 SU4 SR1 - Unauthenticated Stored Cross-Site Scripting
Dec 09, 2025
CVSS 9.6
EPSS 0.30
CVE-2025-10918 HIGH
Ivanti Endpoint Manager < 2024 SU4 - Authenticated Arbitrary File Write via Insecure Default Permissions
Nov 11, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-10986 MEDIUM
Ivanti EPMM <12.6.0.2-12.4.0.4 - Path Traversal
Oct 14, 2025
CVSS 4.7
EPSS 0.01
CVE-2025-10985 HIGH
Ivanti EPMM <12.6.0.2-12.4.0.4 - Command Injection
Oct 14, 2025
CVSS 7.2
EPSS 0.21
CVE-2025-10243 HIGH
Ivanti Endpoint Manager Mobile < 12.4.0.4 - Authenticated Remote Code Execution via Admin Panel
Oct 14, 2025
CVSS 7.2
EPSS 0.21
CVE-2025-10242 HIGH
Ivanti Endpoint Manager Mobile < 12.4.0.4 - Authenticated Remote Code Execution via Admin Panel
Oct 14, 2025
CVSS 7.2
EPSS 0.21
CVE-2025-62392 MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62391 MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62390 MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-62389 MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-62388 MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62387 MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-62386 MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62385 MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62384 MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62383 MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-11623 MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-9713 HIGH
Ivanti Endpoint Manager <2024 SU4 - Path Traversal
Oct 13, 2025
CVSS 8.8
EPSS 0.15
CVE-2025-11622 HIGH
Ivanti Endpoint Manager < 2024 SU4 - Authenticated Privilege Escalation via Insecure Deserialization
Oct 13, 2025
CVSS 7.8
EPSS 0.01
CVE-2025-9872 HIGH
Ivanti Endpoint Manager < 2024 SU3 SR1 & < 2022 SU8 SR2 - Unauthenticated RCE via Filename Validation
Sep 09, 2025
CVSS 8.8
EPSS 0.13
CVE-2025-9712 HIGH
Ivanti Endpoint Manager <2024 SU3 SR1, 2022 SU8 SR2 - RCE
Sep 09, 2025
CVSS 8.8
EPSS 0.20
CVE-2025-8712 MEDIUM
Ivanti Neurons for Secure Access < 22.8 - Authenticated Missing Authorization
Sep 09, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-8711 MEDIUM
Ivanti Connect Secure < 22.7 - Cross-Site Request Forgery
Sep 09, 2025
CVSS 5.4
EPSS 0.00