CVE-2025-22458
HIGHIvanti Endpoint Manager < 2024 SU1 and < 2022 SU7 - Authenticated DLL Hijacking
Title source: llmDescription
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
References (2)
Core 2
Core References
Vendor Advisory
https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6
Mailing List
http://seclists.org/fulldisclosure/2025/May/17
Scores
CVSS v3
7.8
EPSS
0.0036
EPSS Percentile
27.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-427
Status
published
Products (3)
ivanti/endpoint_manager
2022 (7 CPE variants)
ivanti/endpoint_manager
2024
ivanti/endpoint_manager
< 2022
Published
Apr 08, 2025
Tracked Since
Feb 18, 2026