How severe is CVE-2025-6996?

CVE-2025-6996 has a CVSS v3 score of 8.4 (HIGH).

CVE-2025-6996

Name: endpoint_manager
Author: ivanti

8.4HIGH

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.

Veröffentlicht: 7/8/2025Aktualisiert: 7/11/2025

Beschreibung

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.

KI-AnalyseKI-gestützt

Betroffene Produkte

ivantiendpoint_manager

2022

ivantiendpoint_manager

2022

ivantiendpoint_manager

2022

ivantiendpoint_manager

2022

ivantiendpoint_manager

2022

ivantiendpoint_manager

2022

ivantiendpoint_manager

2022

ivantiendpoint_manager

2022

ivantiendpoint_manager

2022

ivantiendpoint_manager

2024

ivantiendpoint_manager

2024

ivantiendpoint_manager

2024

Referenzen

https://forums.ivanti.com/s/article/Security-Advisory-July-2025-for-Ivanti-EPM-2024-SU2-and-EPM-2022-SU8
Vendor Advisory