
Critical Vulnerabilities in Ivanti Endpoint Manager Allow Remote Code Execution by Attackers

Ivanti has released critical security updates to address two high-severity vulnerabilities in its Endpoint Manager (EPM) software, identified as CVE-2025-9712 and CVE-2025-9872. These vulnerabilities, which could allow remote code execution, affect multiple versions of the product. At the time of disclosure, Ivanti stated that it was not aware of any active exploitation of these flaws in the wild. Both vulnerabilities have been assigned a CVSS score of 8.8 out of 10.0, categorising them as high-severity.

The root cause of both issues is insufficient filename validation, catalogued as CWE-434 (Unrestricted Upload of File with Dangerous Type). This class of weakness lets an attacker upload a malicious or unexpected file type, which can then be executed on the target system. Successful exploitation requires a remote, unauthenticated threat actor to trick a user into interacting with a specially crafted file, making user interaction a critical prerequisite for exploitation.

The vulnerabilities impact Ivanti Endpoint Manager versions 2022 SU8 Security Update 1 and prior, as well as 2024 SU3 and earlier versions. Ivanti has made patches available to resolve these issues, and administrators are strongly advised to upgrade to Ivanti Endpoint Manager 2022 SU8 Security Update 2 and Ivanti Endpoint Manager 2024 SU3 Security Update 1. These security updates can be accessed through the Ivanti License System portal.

Additionally, Ivanti has reminded customers that the 2022 product branch is scheduled to reach its End of Life (EOL) at the end of October 2025. Organisations still using this branch are encouraged to apply the immediate security fix and plan a migration to a fully supported version to continue receiving security updates and technical support.

The vulnerabilities were reported through Ivanti’s responsible disclosure program, with credit given to a researcher identified as “06fe5fd2bc53027c4a3b7e395af0b850e7b8a044,” who collaborated with Trend Micro’s Zero Day Initiative in discovering and reporting both flaws.
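An inventory triage for the version guidance above, added here as an example (it is not Ivanti tooling or code from the article). It assumes version labels follow the article's wording, such as "2022 SU8 Security Update 1", and that any later release on a branch carries the fix; the host names and inventory are constructed.

```python
import re

# Fixed releases named in the article: branch -> (SU, Security Update)
FIXED = {2022: (8, 2), 2024: (3, 1)}
EOL_BRANCHES = {2022}  # article: 2022 branch reaches End of Life at end of October 2025

# Assumed label format, modelled on the article's wording (not an Ivanti build number).
LABEL_RE = re.compile(
    r"^\s*(?:Ivanti\s+)?(?:Endpoint\s+Manager\s+)?(\d{4})"
    r"(?:\s+SU\s*(\d+))?(?:\s+Security\s+Update\s+(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_label(label):
    """Return (branch, su, security_update), or None if the label is not understood."""
    m = LABEL_RE.match(label)
    if not m:
        return None
    branch, su, sec = m.groups()
    return int(branch), int(su or 0), int(sec or 0)

def triage(label):
    """Classify a label as 'affected', 'fixed' or 'review' and name the upgrade target."""
    parsed = parse_label(label)
    if parsed is None or parsed[0] not in FIXED:
        # Unparseable label or a branch the article does not cover: check by hand.
        return {"status": "review", "target": None, "eol_branch": False}
    branch, su, sec = parsed
    fsu, fsec = FIXED[branch]
    # Assumption: a release at or above the fixed (SU, Security Update) pair has the fix.
    status = "fixed" if (su, sec) >= (fsu, fsec) else "affected"
    target = f"{branch} SU{fsu} Security Update {fsec}" if status == "affected" else None
    return {"status": status, "target": target, "eol_branch": branch in EOL_BRANCHES}

def report(inventory):
    """Map host -> triage result, affected hosts first, then review, then fixed."""
    order = {"affected": 0, "review": 1, "fixed": 2}
    rows = {host: triage(label) for host, label in inventory.items()}
    return dict(sorted(rows.items(), key=lambda kv: (order[kv[1]["status"]], kv[0])))

INVENTORY = {  # constructed sample data: host -> reported version label
    "epm-core-01": "2022 SU8 Security Update 1",
    "epm-core-02": "Endpoint Manager 2024 SU3",
    "epm-core-03": "2024 SU3 Security Update 1",
    "epm-core-04": "2022 SU8 Security Update 2",
    "epm-lab-01": "2021.1 SU5",
}

if __name__ == "__main__":
    for host, row in report(INVENTORY).items():
        print(host, row)
```

Hosts marked `fixed` with `eol_branch` set are patched but still sit on the branch that reaches End of Life, so they belong on the migration list.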

Categories: Vulnerabilities, Security Updates, Remote Code Execution 

Tags: Ivanti, Security Updates, Vulnerabilities, Remote Code Execution, CVE-2025-9712, CVE-2025-9872, CVSS Score, Filename Validation, Endpoint Manager, Patches 
