Ivanti Endpoint Manager के संस्करण 2024 SU4 SR1 से पहले में संग्रहीत XSS, एक दूरस्थ, गैर-प्रमाणित हमलावर को एक व्यवस्थापक सत्र के संदर्भ में मनमाना जावास्क्रिप्ट (JavaScript) निष्पादित करने की अनुमति देता है। उपयोगकर्ता इंटरैक्शन (User interactio)

The impact of CVE-2025-10573 is significant due to the potential for complete account takeover. An attacker can leverage this XSS vulnerability to execute malicious scripts within the administrator's session, granting them full control over the Ivanti Endpoint Manager system. This could lead to unauthorized access to sensitive data, modification of system configurations, deployment of malware to managed endpoints, and potentially, lateral movement within the network. The requirement for user interaction is a factor, but social engineering techniques could be employed to trick administrators into triggering the vulnerability.

Organizations heavily reliant on Ivanti Endpoint Manager for endpoint management and security are at significant risk. Specifically, environments with limited security awareness training among administrators, or those using older, unpatched versions of the software, are particularly vulnerable. Shared hosting environments where multiple users share the same Ivanti Endpoint Manager instance also face increased risk.

• windows / supply-chain: Monitor Ivanti Endpoint Manager logs for unusual JavaScript execution patterns. Use Windows Defender to scan for suspicious scripts.

Get-WinEvent -LogName Application -Filter "EventID=1001 and Source='Ivanti Endpoint Manager'" | Where-Object {$_.Message -match 'javascript:'}

• linux / server: Monitor web server access logs for requests containing suspicious JavaScript code. • wordpress / composer / npm: N/A - This vulnerability is not related to WordPress, Composer, or npm. • database (mysql, redis, mongodb, postgresql): N/A - This vulnerability is not related to databases. • generic web: Use curl to test endpoints for XSS vulnerabilities. Inspect response headers for unusual content.

echo '<script>alert("XSS")</script>' | curl -X POST -d @- https://your-ivanti-endpoint-manager/some-endpoint

1. 2025-12-09Disclosure

   disclosure

1. आरक्षित2025-09-16
2. प्रकाशित2025-12-09
3. संशोधित2026-02-26
4. EPSS अद्यतन2026-03-23

The primary mitigation for CVE-2025-10573 is to upgrade Ivanti Endpoint Manager to a version that includes the security patch. Ivanti has not yet released a fixed version as of the publication date. Until a patch is available, consider implementing temporary workarounds such as strict input validation on all user-supplied data, particularly in areas where administrator privileges are required. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can also provide a layer of defense. Regularly review and audit administrator access controls to minimize the potential impact of a successful attack.