CVE-2025-13659

216.73.217.22

· Published 09/12/2025 16:17 · Modified 11/12/2025 17:35

Labels: CVE-2025-13659 2025-12-09 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 CVE-2025-13659 CWE-913

Essential information

Published: 09/12/2025 16:17
Modified: 11/12/2025 17:35
Author: —
Creator: —
CVSS: 8.8 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.

NVD status

Status: Analyzed — CVE has had analysis completed and all data associations made.
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD: View on NVD

Affected products (CPE)

Product	CPE
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager::::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2024:-::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2024:su1::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2024:su2::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2024:su3::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2024:su4::::::`