Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution

Source: Cyber Security Advisories – MS-ISAC

Author: unknown

URL: https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-ivanti-products-could-allow-for-remote-code-execution_2025-095

ONE SENTENCE SUMMARY:

Multiple vulnerabilities in Ivanti products may allow remote code execution, with the impact on affected systems depending on user privileges.

MAIN POINTS:

  1. Multiple vulnerabilities found in Ivanti products could lead to remote code execution.
  2. Ivanti Endpoint Manager and Mobile versions prior to 2024 SU3 SR1 are affected.
  3. Ivanti Neurons for MDM versions before R118 are vulnerable to unauthorized access.
  4. Path traversal and SQL injection are key vulnerabilities discovered.
  5. Exploitation could allow attackers to install programs or alter data.
  6. There are currently no reports of these vulnerabilities being actively exploited.
  7. Government and large businesses are at high risk; small businesses are at medium risk.
  8. Recommended actions include applying updates, vulnerability management, and patch management.
  9. Safeguards such as least privilege, network segmentation, and exploit protection are advised.
  10. Penetration testing and continuous review of system security are recommended.

TAKEAWAYS:

  1. Apply Ivanti updates to address vulnerabilities immediately.
  2. Implement a robust vulnerability management and remediation strategy.
  3. Ensure systems and network infrastructure are up to date.
  4. Perform regular penetration testing to identify security gaps.
  5. Follow the principle of least privilege to minimize attack impact.