CVE-2025-13662
Unknown
Unknown - Not Provided
BaseFortify
Vulnerability report for CVE-2025-13662, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2025-12-09
Last updated on: 2025-12-11
Assigner: ivanti
Description
Description
Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ivanti | endpoint_manager | 2024_su4_sr1 |
| ivanti | endpoint_manager | to 2024 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |