Plattform
ivanti
Komponente
ivanti-endpoint-manager
CVE-2025-13661 describes a Path Traversal vulnerability discovered in Ivanti Endpoint Manager. This flaw allows a remote, authenticated attacker to write files outside of the intended directory, potentially leading to code execution or data manipulation. The vulnerability affects versions of Ivanti Endpoint Manager prior to 2024 SU4 SR1. Applying the vendor-provided patch is the recommended remediation.
The impact of this Path Traversal vulnerability is significant. An attacker who can successfully exploit it can write files to arbitrary locations on the system, bypassing intended security controls. This could allow them to overwrite critical system files, install malware, or gain persistent access to the environment. The requirement for authentication limits the immediate scope, but successful compromise of a single authenticated user could provide a foothold for further attacks. The ability to write arbitrary files represents a serious escalation of privileges and a potential for widespread damage.
CVE-2025-13661 was publicly disclosed on December 9, 2025. The vulnerability requires user interaction, which may lower the immediate probability of exploitation. As of this writing, there are no publicly available Proof-of-Concept (PoC) exploits. It is not currently listed on the CISA KEV catalog. The vulnerability's impact is heightened by the widespread use of Ivanti Endpoint Manager in enterprise environments.
Organizations heavily reliant on Ivanti Endpoint Manager for device management and security are at significant risk. Environments with weak authentication controls or where user awareness training is lacking are particularly vulnerable. Shared hosting environments utilizing Ivanti Endpoint Manager should also be considered high-risk due to the potential for cross-tenant exploitation.
• windows / supply-chain:
Get-WinEvent -LogName Security -Filter "EventID = 4663 and SubjectUserName -like '*attacker*'" | sls• windows / supply-chain:
Get-Process | Where-Object {$_.Path -like "*\ivanti*"} | Select-Object ProcessName, Path• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*ivanti*'}disclosure
Exploit-Status
EPSS
2.03% (84% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-13661 is to upgrade to Ivanti Endpoint Manager version 2024 SU4 SR1 or later, which contains the fix. If immediate patching is not possible, consider implementing temporary workarounds. Restrict access to the vulnerable endpoint to only authorized users. Implement strict file access controls to limit the attacker's ability to write to sensitive locations. Monitor system logs for suspicious file creation or modification activity. Consider using a Web Application Firewall (WAF) to filter requests and block attempts to exploit the path traversal vulnerability. After upgrade, confirm the vulnerability is resolved by attempting a path traversal attack and verifying that access is denied.
Actualice Ivanti Endpoint Manager a una versión posterior a 2024 SU4 SR1. Esto solucionará la vulnerabilidad de path traversal y evitará que atacantes remotos autenticados escriban archivos arbitrarios fuera del directorio previsto.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-13661 is a Path Traversal vulnerability affecting Ivanti Endpoint Manager versions prior to 2024 SU4 SR1, allowing authenticated attackers to write arbitrary files.
You are affected if you are using Ivanti Endpoint Manager versions 2024 SU4 SR1 or earlier. Check your version against the affected range.
Upgrade to Ivanti Endpoint Manager version 2024 SU4 SR1 or later to patch the vulnerability. Implement temporary workarounds if immediate upgrading is not possible.
While no public exploits are currently known, the vulnerability's nature suggests a potential for exploitation. Monitor security advisories and threat intelligence.
Refer to the official Ivanti security advisory for detailed information and remediation steps: [https://www.ivanti.com/support/security-advisories/](https://www.ivanti.com/support/security-advisories/)
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.