Ivanti has issued security updates for multiple vulnerabilities in its Endpoint Manager (EPM) software, including a critical cross-site scripting flaw. These vulnerabilities pose risks primarily to exposed internet-facing instances, with potential remote code execution and session hijacking.
Key points
- Ivanti warns customers to patch a critical vulnerability in Endpoint Manager (CVE-2025-10573).
- The flaw allows attackers to execute JavaScript code through cross-site scripting attacks requiring user interaction.
- Exposed Ivanti EPM instances are tracked in several countries, including the U.S., Germany, and Japan.
- Ivanti released updates to address three high-severity vulnerabilities, two of which enable remote code execution.
- No evidence suggests these vulnerabilities were exploited before disclosure, but such flaws are often targeted by threat actors.