CVE-2025-9712
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-10-10
Assigner: ivanti
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ivanti | endpoint_manager | to 2022 (exc) |
| ivanti | endpoint_manager | 2022 |
| ivanti | endpoint_manager | 2024 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by insufficient filename validation in Ivanti Endpoint Manager versions before 2024 SU3 Security Update 1 and 2022 SU8 Security Update 2. It allows a remote unauthenticated attacker to achieve remote code execution on the affected system. However, user interaction is required for the attack to succeed.
How can this vulnerability impact me?
The vulnerability can lead to remote code execution by an unauthenticated attacker, potentially allowing them to take control of the affected system. This can result in complete compromise of confidentiality, integrity, and availability of the system and its data.
What immediate steps should I take to mitigate this vulnerability?
Apply the Ivanti Endpoint Manager 2024 SU3 Security Update 1 or the 2022 SU8 Security Update 2 as soon as possible to fix the insufficient filename validation vulnerability and prevent remote code execution.