Ivanti warns of critical Endpoint Manager code execution flaw

Source: BleepingComputer

Author: Sergiu Gatlan

URL: https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-endpoint-manager-code-execution-flaw/

ONE SENTENCE SUMMARY:

Ivanti urges customers to patch critical Endpoint Manager vulnerabilities allowing remote code execution, emphasizing immediate action due to potential exploitation.

MAIN POINTS:

  1. Ivanti discloses a critical vulnerability in its Endpoint Manager (EPM) solution, CVE-2025-10573.
  2. The flaw enables unauthenticated attackers to execute code through low-complexity cross-site scripting.
  3. Ivanti’s EPM is designed for managing devices across Windows, macOS, Linux, Chrome OS, and IoT.
  4. Vulnerability involves stored XSS allowing JavaScript execution in admin session contexts.
  5. EPM isn’t intended to be exposed online, yet hundreds of exposed instances are tracked globally.
  6. Ivanti released patches for three high-severity flaws that require user interaction and untrusted connections to exploit.
  7. There is no evidence of exploitation yet, but EPM vulnerabilities have been targeted before.
  8. CISA warned about critical vulnerabilities in EPM appliances earlier this year.
  9. U.S. agencies were ordered to patch an actively exploited vulnerability in October 2024.

TAKEAWAYS:

  1. Patch critical EPM vulnerabilities immediately to prevent potential exploitation.
  2. Ensure EPM solutions are not unnecessarily exposed online.
  3. Stay informed about cybersecurity advisories from Ivanti and agencies like CISA.
  4. Apply security updates consistently to safeguard against high-severity threats.