Pricing Enterprise

CVE-2025-13659

8.8HIGH

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potent

Published: 12/9/2025Updated: 12/11/2025

View on NVD View on MITRE

Description

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.

AI AnalysisPowered by AI

Affected Products

ivantiendpoint_manager

ivantiendpoint_manager

2024

ivantiendpoint_manager

2024

ivantiendpoint_manager

2024

ivantiendpoint_manager

2024

ivantiendpoint_manager

2024

ivantiendpoint_manager

2024

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024
Vendor Advisory