ivanti
500 tracked vulnerabilities.
CVE-2025-13661
HIGH
Ivanti Endpoint Manager < 2024 SU4 SR1 - Authenticated Path Traversal and Arbitrary File Write
Dec 09, 2025
CVSS 7.1
EPSS 0.01
CVE-2025-13659
HIGH
Ivanti Endpoint Manager < 2024 SU4 SR1 - Unauthenticated Arbitrary File Write and Remote Code Execution
Dec 09, 2025
CVSS 8.8
EPSS 0.02
CVE-2025-10573
CRITICAL
Ivanti Endpoint Manager < 2024 SU4 SR1 - Unauthenticated Stored Cross-Site Scripting
Dec 09, 2025
CVSS 9.6
EPSS 0.30
CVE-2025-10918
HIGH
Ivanti Endpoint Manager < 2024 SU4 - Authenticated Arbitrary File Write via Insecure Default Permissions
Nov 11, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-10986
MEDIUM
Ivanti EPMM <12.6.0.2-12.4.0.4 - Path Traversal
Oct 14, 2025
CVSS 4.7
EPSS 0.01
CVE-2025-10985
HIGH
Ivanti EPMM <12.6.0.2-12.4.0.4 - Command Injection
Oct 14, 2025
CVSS 7.2
EPSS 0.21
CVE-2025-10243
HIGH
Ivanti Endpoint Manager Mobile < 12.4.0.4 - Authenticated Remote Code Execution via Admin Panel
Oct 14, 2025
CVSS 7.2
EPSS 0.21
CVE-2025-10242
HIGH
Ivanti Endpoint Manager Mobile < 12.4.0.4 - Authenticated Remote Code Execution via Admin Panel
Oct 14, 2025
CVSS 7.2
EPSS 0.21
CVE-2025-62392
MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62391
MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62390
MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-62389
MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-62388
MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62387
MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-62386
MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62385
MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62384
MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-62383
MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-11623
MEDIUM
Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection
Oct 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-9713
HIGH
Ivanti Endpoint Manager <2024 SU4 - Path Traversal
Oct 13, 2025
CVSS 8.8
EPSS 0.15
CVE-2025-11622
HIGH
Ivanti Endpoint Manager < 2024 SU4 - Authenticated Privilege Escalation via Insecure Deserialization
Oct 13, 2025
CVSS 7.8
EPSS 0.01
CVE-2025-9872
HIGH
Ivanti Endpoint Manager < 2024 SU3 SR1 & < 2022 SU8 SR2 - Unauthenticated RCE via Filename Validation
Sep 09, 2025
CVSS 8.8
EPSS 0.13
CVE-2025-9712
HIGH
Ivanti Endpoint Manager <2024 SU3 SR1, 2022 SU8 SR2 - RCE
Sep 09, 2025
CVSS 8.8
EPSS 0.20
CVE-2025-8712
MEDIUM
Ivanti Neurons for Secure Access < 22.8 - Authenticated Missing Authorization
Sep 09, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-8711
MEDIUM
Ivanti Connect Secure < 22.7 - Cross-Site Request Forgery
Sep 09, 2025
CVSS 5.4
EPSS 0.00
Products
connect_secure 130
avalanche 117
endpoint_manager 116
policy_secure 77
endpoint_manager_mobile 28
workspace_control 22
secure_access_client 21
zero_trust_access_gateway 17
neurons_for_secure_access 15
Endpoint Manager Mobile 7
cloud_services_appliance 7
desktop_\&_server_management 6
landesk_management_suite 6
neurons_for_itsm 6
endpoint_manager_cloud_services_appliance 5
neurons_for_zero-trust_access 5
standalone_sentry 4
Endpoint Manager 3
Neurons for ITSM (Cloud) 3
Secure Access Client 3
Sentry 3
incapptic_connect 3
security_controls 3
Connect Secure 2
Neurons for ITSM (On-Premise) 2
application_control 2
automation 2
mobileiron 2
virtual_traffic_manager 2
LANDesk Management Suite 1
Quick Filters