[Security Vulnerability Alert] Ivanti's EPM product has two critical cybersecurity vulnerabilities (CVE-2025-10573 and CVE-2025-13659).

 
2025/12/16 ~ 2026/6/16

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202512-00000004

[Content Description] Ivanti's Endpoint Manager (EPM) is a system specifically designed for device management, providing management and protection for Windows, macOS, and Linux devices.

【CVE-2025-10573, CVSS: 9.6】 This is a stored cross-site scripting vulnerability, allowing an unauthenticated attacker to execute arbitrary JavaScript code during the administrator's workflow.

【CVE-2025-13659, CVSS: 8.8】 This is an arbitrary file write vulnerability. Due to improper control over dynamically managed code resources, an unauthenticated attacker can write arbitrary files to the server, potentially leading to remote code execution.

[Affected Platforms]
EPM 2024 SU4 and earlier versions

[Recommended Action]
Please update to the following version: EPM 2024 SU4 SR1
