Ivanti has identified and resolved three high-severity vulnerabilities in its Endpoint Manager (EPM) software.
If exploited, these flaws could allow attackers to decrypt other users' passwords or gain access to sensitive database information, posing significant risks to organizations that rely on this endpoint management solution.
Ivanti Endpoint Manager Mobile Vulnerabilities
Ivanti's latest security update addresses three specific vulnerabilities, each with a high severity rating based on the Common Vulnerability Scoring System (CVSS).
Two of these flaws, identified as CVE-2025-6995 and CVE-2025-6996, stem from improper use of encryption in the EPM agent. Both carry a CVSS score of 8.4 (High) and could enable a local authenticated attacker to decrypt passwords of other users.
The third vulnerability, CVE-2025-7037, involves an SQL injection flaw with a CVSS score of 7.2 (High), allowing a remote authenticated attacker with admin privileges to read arbitrary data from the database.
Here's a detailed breakdown of the vulnerabilities:
| CVE Number | Description | CVSS Score | CVSS Vector | CWE |
|---|---|---|---|---|
| CVE-2025-6995 | Improper encryption in EPM agent allows local authenticated attacker to decrypt passwords. | 8.4 (High) | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N | CWE-257 |
| CVE-2025-6996 | Improper encryption in EPM agent allows local authenticated attacker to decrypt passwords. | 8.4 (High) | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N | CWE-257 |
| CVE-2025-7037 | SQL injection in EPM allows remote admin attacker to read database data. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |
These vulnerabilities affect Ivanti Endpoint Manager versions prior to 2024 SU3 and 2022 SU8 Security Update 1. The encryption flaws specifically target the agent component, making local access a potential gateway for attackers to compromise user credentials.
Affected Versions and Solutions
Ivanti has identified the following versions of Endpoint Manager as vulnerable, with corresponding resolved versions now available:
| Product Name | Affected Version(s) | Resolved Version(s) | Patch Availability |
|---|---|---|---|
| Ivanti Endpoint Manager | 2022 SU8 and prior | 2022 SU8 Security Update 1 | Download Available in ILS |
| Ivanti Endpoint Manager | 2024 SU2 and prior | 2024 SU3 | Download Available in ILS |
Organizations using affected versions are urged to update immediately to the resolved versions 2024 SU3 or 2022 SU8 Security Update 1, available through Ivanti's licensing portal (login required). These updates fully mitigate the identified risks.
Ivanti has emphasized that there is no evidence of active exploitation of these vulnerabilities prior to their disclosure. The issues were reported through the company's responsible disclosure program, ensuring timely patches before any known attacks.
However, with no public indicators of compromise currently available, organizations must remain vigilant and prioritize updates to prevent potential breaches.
The ability for attackers to decrypt passwords or access database information underscores the importance of robust endpoint security. While local access is required for two of the vulnerabilities, the SQL injection flaw opens a remote attack vector for those with admin privileges, broadening the potential threat surface.
IT administrators should audit their systems for affected versions of Ivanti Endpoint Manager and apply the necessary updates immediately. Additionally, monitoring for unusual activity may serve as a precaution, though no exploitation has been reported.
This incident highlights the ongoing challenges in securing endpoint management tools, which are critical for organizational IT infrastructure.