CVE-2025-22464

MEDIUM

Ivanti Endpoint Manager <2024 SU1, <2022 SU7 - Memory Corruption

Title source: llm

Description

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.

References (1)

[Vendor Advisory] https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6

Scores

CVSS v3 6.1

EPSS 0.0009

EPSS Percentile 25.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-822

Status published

Products (3)

ivanti/endpoint_manager 2022 (7 CPE variants)

ivanti/endpoint_manager 2024

ivanti/endpoint_manager < 2022

Published Apr 08, 2025

Tracked Since Feb 18, 2026