Ivanti Endpoint Manager Vulnerabilities Expose Systems to RCE, SQL & Privilege Escalation Risks 

Summary: Security Advisory: Ivanti has publicly disclosed 13 vulnerabilities affecting Endpoint Manager (EPM) 2024 and earlier releases: two high-severity issues, one enabling remote code execution (RCE) and the other enabling local privilege escalation, and eleven medium-severity SQL injection flaws. Successful exploitation could lead to privilege escalation, remote code execution, or unauthorized reads of the backend database.

OEM: Ivanti
Severity: High
CVSS Score: 8.8
CVEs: CVE-2025-11622, CVE-2025-9713, and the eleven SQL injection CVEs listed below
POC Available: No
Actively Exploited: No
Exploited in Wild: No
Advisory Version: 1.0

Overview 

These vulnerabilities are significant for enterprise environments: an attacker could gain unauthorized access, execute arbitrary code on the EPM Core server, or extract sensitive information from the backend database.

Administrators are urged to apply the fixed releases as soon as Ivanti publishes them and, in the meantime, to apply the interim mitigations listed under Recommendations.

Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version
Insecure Deserialization | CVE-2025-11622 | Ivanti Endpoint Manager 2024 SU3 SR1 and prior | High | 2024 SU4
Path Traversal – Remote Code Execution | CVE-2025-9713 | Ivanti Endpoint Manager 2024 SU3 SR1 and prior | High | 2024 SU4

Technical Summary 

Two high-severity vulnerabilities in Ivanti Endpoint Manager significantly increase the risk to affected systems. The first is an insecure deserialization flaw that may allow a local authenticated attacker to elevate privileges on the EPM Core server and gain unauthorized access to sensitive functions or data.

The second is a path traversal flaw that can lead to remote code execution by a remote unauthenticated attacker, provided a user performs the required interaction (for example, importing an attacker-supplied file or configuration). In addition, multiple SQL injection flaws have been identified across various components of the application. A remote authenticated user could exploit them to read arbitrary data from the backend database, potentially exposing sensitive information.

These vulnerabilities underscore the importance of secure coding practices, strict input validation, parameterized database queries, and timely patching to minimize risk and protect system assets.

CVE ID | Component Affected | Vulnerability Details | Impact
CVE-2025-11622 | Ivanti Endpoint Manager | Allows a local authenticated attacker to escalate privileges on the EPM Core server by exploiting deserialization routines. | Privilege Escalation / Remote Code Execution
CVE-2025-9713 | Ivanti Endpoint Manager | Allows a remote unauthenticated attacker to achieve remote code execution; user interaction is required to trigger the malicious file import or configuration action. | Remote Code Execution / System Compromise

In addition, Ivanti released eleven CVEs for SQL injection vulnerabilities that permit a remote authenticated attacker to read arbitrary data from the database.

Vulnerability Name | CVE ID | Affected Component | Severity
SQL Injection | CVE-2025-1162 | Ivanti Endpoint Manager | Medium
SQL Injection | CVE-2025-62383 | Ivanti Endpoint Manager | Medium
SQL Injection | CVE-2025-62384 | Ivanti Endpoint Manager | Medium
SQL Injection | CVE-2025-62385 | Ivanti Endpoint Manager | Medium
SQL Injection | CVE-2025-62386 | Ivanti Endpoint Manager | Medium
SQL Injection | CVE-2025-62387 | Ivanti Endpoint Manager | Medium
SQL Injection | CVE-2025-62388 | Ivanti Endpoint Manager | Medium
SQL Injection | CVE-2025-62389 | Ivanti Endpoint Manager | Medium
SQL Injection | CVE-2025-62390 | Ivanti Endpoint Manager | Medium
SQL Injection | CVE-2025-62391 | Ivanti Endpoint Manager | Medium
SQL Injection | CVE-2025-62392 | Ivanti Endpoint Manager | Medium
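The class of bug behind the eleven SQL injection CVEs above, and the "read arbitrary data from the database" impact the Technical Summary describes, is easiest to see side by side with its fix. The following is an added, generic illustration written for this advisory; it is not Ivanti's code, and the schema, table names, function names and payload are all constructed. It runs against an in-memory SQLite database: a reporting-style lookup that concatenates an authenticated user's input into the query leaks rows from an unrelated table via UNION, while the same lookup with a bound parameter (plus an allow-list check on the input) does not.

```python
import re
import sqlite3

# Constructed sample schema: a "reports" table the reporting user is meant to
# query, and a separate table holding data that user should never be able to read.
SCHEMA = """
CREATE TABLE reports (id INTEGER PRIMARY KEY, name TEXT, owner TEXT);
CREATE TABLE db_credentials (id INTEGER PRIMARY KEY, username TEXT, secret TEXT);
INSERT INTO reports VALUES (1, 'patch-compliance', 'alice');
INSERT INTO reports VALUES (2, 'inventory', 'bob');
INSERT INTO db_credentials VALUES (1, 'reporting_svc', 'S3cr3t!');
"""

# Constructed injection payload: closes the string literal, appends a UNION that
# pulls two columns from the unrelated table, and comments out the trailing quote.
PAYLOAD = "x' UNION SELECT username, secret FROM db_credentials -- "

# Allow-list for report names (assumed policy for this example): letters, digits,
# underscore and hyphen only, so quotes and SQL keywords are rejected up front.
REPORT_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def make_db():
    """Create the in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def find_report_vulnerable(conn, name):
    """Vulnerable pattern: untrusted input concatenated into the SQL text.

    The caller is already authenticated, which matches the advisory's
    'remote authenticated attacker' precondition; authentication does not
    protect the query itself.
    """
    sql = "SELECT name, owner FROM reports WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def is_valid_report_name(name):
    """Input validation: accept only names matching the allow-list pattern."""
    return REPORT_NAME_RE.fullmatch(name) is not None


def find_report_fixed(conn, name):
    """Hardened pattern: validate the input, then bind it as a parameter.

    With a bound parameter the database treats the whole value as a string
    literal, so a quote or UNION inside it can never change the query shape.
    """
    if not is_valid_report_name(name):
        return []
    sql = "SELECT name, owner FROM reports WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run the same payload through both versions and return (leaked, safe)."""
    conn = make_db()
    leaked = find_report_vulnerable(conn, PAYLOAD)   # rows from db_credentials
    safe = find_report_fixed(conn, PAYLOAD)          # rejected, nothing returned
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned:", leaked)
    print("hardened query returned:  ", safe)
```

The vulnerable function returns the credential row even though the caller only asked for a report by name; the hardened one returns nothing for the payload and still works for a legitimate name such as `inventory`. Note that the allow-list check is defence in depth: the parameter binding alone already stops the injection.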

Recommendations 

Update Ivanti Endpoint Manager to the following versions when available: 

  • 2024 SU4 for high-severity vulnerabilities (targeted release November 12, 2025) 
  • 2024 SU5 for SQL injection vulnerabilities (scheduled Q1 2026) 

Until the patches are released, apply the following mitigations to protect the environment:

  • Run Ivanti EPM 2024 SU3 SR1, which reduces (but does not remove) the risk from the insecure deserialization vulnerability. 
  • Restrict access to the EPM Core server to local administrators only. 
  • Place the EPM Core server behind a firewall with a strict allow-list so that only approved hosts can reach it remotely. 
  • Do not import untrusted configuration files into the EPM Core server. 
  • Remove the reporting database user from the EPM configuration to mitigate the SQL injection vulnerabilities. Note that this disables reporting, because the reporting database user is required to run reports. 

Conclusion: 
These vulnerabilities pose a significant threat to organizations relying on Ivanti Endpoint Manager for enterprise device management, potentially enabling privilege escalation, remote code execution, and unauthorized data access. Enterprises are strongly urged to implement Ivanti’s recommended mitigations without delay to reduce immediate risk. Additionally, organizations should prepare for the timely deployment of the upcoming security updates as they become available. Proactive action is essential to maintaining the security and integrity of endpoint management infrastructure. 
