Platform: ivanti
Component: ivanti-endpoint-manager
CVE-2025-10573 is a stored cross-site scripting (XSS) vulnerability in Ivanti Endpoint Manager versions up to and including 2024 SU4 SR1. It allows an unauthenticated attacker to inject JavaScript that executes in the context of an administrator's session. Successful exploitation requires user interaction, but the potential impact is severe because of the elevated privileges involved.
The impact is significant because the flaw can lead to complete account takeover. Script running in the administrator's session can give an attacker full control over the Ivanti Endpoint Manager system, which could lead to unauthorized access to sensitive data, modification of system configurations, deployment of malware to managed endpoints and, potentially, lateral movement within the network. The need for user interaction limits the risk somewhat, but administrators could be tricked into triggering the vulnerability through social engineering.
CVE-2025-10573 was publicly disclosed on 2025-12-09. As of that date no public proof-of-concept (PoC) code had been released, but the vulnerability's severity and ease of exploitation suggest a high probability of exploitation. It is not currently listed in the CISA KEV catalog, but its critical CVSS score warrants close monitoring. Active campaigns targeting Ivanti Endpoint Manager are possible given the product's widespread use.
Exploit Status
EPSS: 0.04% (12th percentile)
CISA SSVC: (no value listed)
CVSS Vector: (no value listed)
The primary mitigation is to upgrade Ivanti Endpoint Manager to a version that includes the security patch. Ivanti had not released a fixed version as of the publication date. Until a patch is available, consider temporary workarounds such as strict input validation on all user-supplied data, particularly in areas that require administrator privileges. A Web Application Firewall (WAF) configured to detect and block XSS payloads can provide an additional layer of defense. Regularly review and audit administrator access controls to limit the impact of a successful attack.
Update Ivanti Endpoint Manager to a version later than 2024 SU4 SR1 to fix the stored XSS vulnerability; this prevents remote, unauthenticated attackers from executing arbitrary JavaScript in the context of an administrator session. See the Ivanti security advisory for details and upgrade instructions.
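To turn the affected-version statement above into a repeatable inventory check, here is an added example (not Ivanti's code and not part of the advisory) that parses Endpoint Manager version labels and flags hosts at or below 2024 SU4 SR1. It assumes labels order by year, then service update (SU), then service release (SR); the host inventory is a constructed sample.

```python
import re
from typing import List, Optional, Tuple

# Affected ceiling as stated in the advisory: up to and including 2024 SU4 SR1.
AFFECTED_MAX = "2024 SU4 SR1"
# Assumption: a label is <year> [SU<n>] [SR<n>]; a missing SU or SR means the base release.
_VERSION_RE = re.compile(
    r"^\s*(?P<year>\d{4})(?:\s+SU(?P<su>\d+))?(?:\s+SR(?P<sr>\d+))?\s*$", re.IGNORECASE
)

def parse_epm_version(label: str) -> Optional[Tuple[int, int, int]]:
    """Turn '2024 SU4 SR1' into (2024, 4, 1); None when the label is not parseable."""
    m = _VERSION_RE.match(label)
    if not m:
        return None
    return (int(m.group("year")), int(m.group("su") or 0), int(m.group("sr") or 0))

def is_affected(label: str, affected_max: str = AFFECTED_MAX) -> Optional[bool]:
    """True if installed <= ceiling (year, then SU, then SR); None if unparseable."""
    installed = parse_epm_version(label)
    ceiling = parse_epm_version(affected_max)
    if installed is None or ceiling is None:
        return None
    return installed <= ceiling

def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Classify each (host, version) pair as affected / not_affected / unknown.
    Unknown rows are kept, not dropped, so nobody assumes they were checked."""
    rows = []
    for host, label in inventory:
        verdict = is_affected(label)
        status = "unknown" if verdict is None else ("affected" if verdict else "not_affected")
        rows.append((host, label, status))
    return rows

# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("epm-core-01", "2024 SU4 SR1"),  # exactly the ceiling: still affected
    ("epm-core-02", "2024 SU4 SR2"),  # one service release later
    ("epm-lab-01", "2022 SU5"),       # older major release
    ("epm-lab-02", "2024 SU5"),       # later service update
    ("epm-old-01", "unknown build"),  # cannot be classified from the label alone
]

if __name__ == "__main__":
    for host, label, status in triage(SAMPLE_INVENTORY):
        print(f"{host:<12} {label:<14} {status}")
```

Hosts reported as unknown need a manual version check rather than being treated as patched.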
CVE-2025-10573 is a critical stored XSS vulnerability affecting Ivanti Endpoint Manager versions up to 2024 SU4 SR1, allowing attackers to execute JavaScript in an administrator session.
You are affected if you are using Ivanti Endpoint Manager versions 2024 SU4 SR1 or earlier. Upgrade to a patched version as soon as it becomes available.
The recommended fix is to upgrade to a patched version of Ivanti Endpoint Manager. Monitor Ivanti's security advisories for the release of a fix.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation. Monitor your systems closely.
Refer to the official Ivanti security advisory page for updates and information regarding CVE-2025-10573: https://www.ivanti.com/support/security-advisories/