Ivanti has released critical security updates addressing three high-severity vulnerabilities in Ivanti Endpoint Manager.
The flaws could allow authenticated attackers to write arbitrary files anywhere on a system’s disk, potentially leading to unauthorized access and system compromise.
Vulnerability Overview
The vulnerabilities affect Ivanti Endpoint Manager version 2024 SU3 SR1 and earlier. Two of the issues, CVE-2025-9713 and CVE-2025-11622, were previously disclosed in October 2025.
A new vulnerability, CVE-2025-10918, has now been identified and addressed in the November 2025 security advisory.
The most critical flaw, CVE-2025-10918, stems from insecure default permissions in the Endpoint Manager agent.
This allows a local authenticated attacker to exploit the vulnerability and write arbitrary files to any location on the disk.
The CVSS score of 7.1 indicates a high-severity risk to system security.
Exploiting these vulnerabilities requires local access and valid authentication credentials.
With that access, an attacker can bypass file permission restrictions and place malicious files on the system. This could enable further exploitation, privilege escalation, or persistent access.
Ivanti has released version 2024 SU4, which resolves all three vulnerabilities. Organizations running affected versions should prioritize applying this update immediately.
The patch is available through the Ivanti License System (ILS) for customers with active support agreements.
Importantly, users running the legacy 2022 branch should note that this version reached end-of-life on October 31, 2025.
Ivanti will not release patches for this older branch, requiring customers to upgrade to version 2024 SU4 to address these security issues.
At the time of disclosure, Ivanti reported no evidence that customers had been exploited through these vulnerabilities.
However, organizations should not delay patching, as attackers typically develop exploits shortly after vulnerability details become public.
Security teams should audit their Endpoint Manager deployments immediately to identify affected versions.
Organizations should prioritize upgrades to version 2024 SU4 and implement segmentation to restrict local access to systems running vulnerable versions.
Additionally, monitoring for suspicious file creation activity in unexpected locations can help detect potential exploitation attempts.
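The version audit recommended above can be scripted against an inventory export. The following is an added example, not Ivanti tooling: it classifies hosts using only the thresholds stated in this article (fixed in 2024 SU4, 2022 branch end-of-life). The CSV layout, the host names, and the assumption that versions are recorded in the form "2024 SU3 SR1" are constructed for illustration.

```python
import csv
import io
import re

FIXED = (2024, 4, 0)      # 2024 SU4, the release the article names as fixed
EOL_BRANCHES = {2022}     # 2022 branch: end-of-life, no patch will be issued

# Accepts "2024", "2024 SU3", "2024 SU3 SR1" (case-insensitive, flexible spacing).
_VERSION_RE = re.compile(
    r"^\s*(\d{4})(?:\s+SU\s*(\d+))?(?:\s+SR\s*(\d+))?\s*$", re.IGNORECASE)

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """\
host,epm_version
core01,2024 SU3 SR1
core02,2024 SU4
core03,2022 SU8
lab01,2024 su2
lab02,n/a
"""

def parse_version(text):
    """Return (year, SU, SR) as integers, or None if the string is not recognised."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    year, su, sr = m.groups()
    return (int(year), int(su or 0), int(sr or 0))

def classify(text):
    """Map a version string to UNKNOWN, EOL, VULNERABLE or PATCHED."""
    version = parse_version(text)
    if version is None:
        return "UNKNOWN"          # needs manual review, never assume patched
    if version[0] in EOL_BRANCHES:
        return "EOL"              # must move to 2024 SU4; no fix for this branch
    return "VULNERABLE" if version < FIXED else "PATCHED"

def audit(csv_text):
    """Return {host: status} for every row of the inventory CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: classify(row["epm_version"]) for row in reader}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as UNKNOWN should be checked by hand rather than treated as patched.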
| CVE ID | Severity | CVSS Score | Description | CWE |
|---|---|---|---|---|
| CVE-2025-10918 | High | 7.1 | Insecure default permissions allowing arbitrary file writes | CWE-276 |
| CVE-2025-9713 | High | – | Previously disclosed (October 2025) | – |
| CVE-2025-11622 | High | – | Previously disclosed (October 2025) | – |