Platform
ivanti
Component
ivanti-endpoint-manager
CVE-2025-13661 describes a Path Traversal vulnerability discovered in Ivanti Endpoint Manager. This flaw allows a remote, authenticated attacker to write files outside of the intended directory, potentially leading to code execution or data manipulation. The vulnerability affects versions of Ivanti Endpoint Manager prior to 2024 SU4 SR1. Applying the vendor-provided patch is the recommended remediation.
The impact of this vulnerability is significant. Successful exploitation allows an attacker, already authenticated within the Ivanti Endpoint Manager system, to write arbitrary files to the server's file system. This could be leveraged to overwrite critical system files, inject malicious code (e.g., web shells), or exfiltrate sensitive data. The ability to write files outside the intended directory bypasses standard security controls and significantly expands the attacker's potential impact. While user interaction is required, the attacker could potentially trick a legitimate user into initiating the file write operation, making it a viable attack vector in many environments.
CVE-2025-13661 was publicly disclosed on December 9, 2025. The vulnerability's impact, combined with the requirement for authentication, suggests a medium probability of exploitation. Currently, no public proof-of-concept exploits are known, but the ease of exploiting path traversal vulnerabilities generally means that one may emerge. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS
2.03% (84% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-13661 is to upgrade Ivanti Endpoint Manager to version 2024 SU4 SR1 or later, which contains the fix. If immediate upgrading is not possible, consider implementing temporary workarounds. Restrict access to the vulnerable endpoint to only authorized users. Implement strict file system permissions to limit the attacker's ability to write to sensitive directories. Monitor system logs for suspicious file creation or modification activity. Consider using a Web Application Firewall (WAF) to filter requests that attempt to traverse directories, although this is not a complete solution.
Actualice Ivanti Endpoint Manager a una versión posterior a 2024 SU4 SR1. Esto solucionará la vulnerabilidad de path traversal y evitará que atacantes remotos autenticados escriban archivos arbitrarios fuera del directorio previsto.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-13661 is a Path Traversal vulnerability affecting Ivanti Endpoint Manager versions prior to 2024 SU4 SR1, allowing authenticated attackers to write arbitrary files.
You are affected if you are using Ivanti Endpoint Manager versions 2024 SU4 SR1 or earlier. Check your version against the affected range.
Upgrade to Ivanti Endpoint Manager version 2024 SU4 SR1 or later to patch the vulnerability. Implement temporary workarounds if immediate upgrading is not possible.
While no public exploits are currently known, the vulnerability's nature suggests a potential for exploitation. Monitor security advisories and threat intelligence.
Refer to the official Ivanti security advisory for detailed information and remediation steps: [https://www.ivanti.com/support/security-advisories/](https://www.ivanti.com/support/security-advisories/)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.