Ivanti has released patches for four critical vulnerabilities in Endpoint Manager, including a high-severity flaw that enables remote code execution. These updates address several security issues, such as stored XSS, file writing, and cryptographic signature verification problems, with no known exploitation in the wild yet. #CVE-2025-10573 #EndpointManagerSecurity
Keypoints
- Ivanti released security patches for four vulnerabilities in Endpoint Manager.
- The most critical flaw, CVE-2025-10573, allows remote code execution via stored XSS without authentication.
- Other vulnerabilities include file writing via path traversal and issues in cryptographic signature verification.
- The vulnerabilities can be exploited remotely and require user interaction in some cases.
- No evidence of these vulnerabilities being exploited in active attacks has been reported.
Read More: https://www.securityweek.com/ivanti-epm-update-patches-critical-remote-code-execution-flaw/