Ivanti has rolled out safety updates for its Endpoint Supervisor product, addressing three high-severity vulnerabilities that might let authenticated native attackers write arbitrary recordsdata wherever on the system disk.
The issues, if exploited, pose important dangers to enterprise environments by probably permitting malicious code execution or knowledge tampering.
The latest difficulty, tracked as CVE-2025-10918, stems from insecure default permissions within the Endpoint Supervisor agent variations previous to 2024 SU4.
This vulnerability carries a CVSS rating of seven.1 (Excessive), with a vector of CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H, and aligns with CWE-276 for incorrect default permissions. Attackers with native authenticated entry may leverage it to overwrite crucial recordsdata, escalating privileges or disrupting operations.
Ivanti Endpoint Supervisor Vulnerabilities
Ivanti additionally patched two beforehand disclosed vulnerabilities from October 2025: CVE-2025-9713 and CVE-2025-11622. Whereas particular particulars on these weren’t reiterated within the newest advisory, they contribute to the identical arbitrary file write menace mannequin.
Importantly, Ivanti reviews no identified buyer exploitation of any of those points on the time of disclosure, crediting its accountable disclosure program for early detection.
Affected programs embody Ivanti Endpoint Supervisor 2024 SU3 SR1 and earlier variations. The fixes can be found within the newly launched 2024 SU4 replace, downloadable through Ivanti’s License System portal for eligible clients.
Customers on the older 2022 department face a more durable highway: that model reached end-of-life on the finish of October 2025, so no patches might be issued. Organizations should improve to 2024 SU4 to mitigate dangers.
CVE NumberDescriptionCVSS Rating (Severity)Assault RequirementsPotential ImpactCVE-2025-10918Insecure default permissions within the agent enable an area authenticated attacker to write down arbitrary recordsdata wherever on disk.7.1 (Excessive)Native authenticated entry.File tampering, privilege escalation through overwrites.CVE-2025-9713Path traversal permits a distant unauthenticated attacker to realize distant code execution, enabling arbitrary file writes; consumer interplay required.8.8 (Excessive)Distant unauthenticated, consumer interplay (e.g., malicious file import).RCE resulting in full system compromise and file manipulation.CVE-2025-11622Insecure deserialization permits an area authenticated attacker to escalate privileges, facilitating arbitrary file writes post-escalation.7.8 (Excessive)Native authenticated entry.Privilege escalation enabling broader file entry and execution.
Ivanti extends its due to safety researcher Enrique Fernández Lorenzo, often known as bighound, for responsibly reporting CVE-2025-10918. The corporate emphasizes its dedication to vulnerability disclosure, inviting moral hackers to interact via its coverage.
For these assessing publicity, Ivanti notes no public indicators of compromise exist but, as exploitation stays undetected. Directors ought to prioritize patching to safeguard endpoint administration integrity. With cyber threats evolving quickly, well timed updates stay a cornerstone of protection in managed IT ecosystems.
Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.
