Ivanti Endpoint Manager versions prior to 2024 SU4 SR1 contain a stored XSS vulnerability that allows a remote, unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator's session. User interaction is required.
Platform: ivanti
Component: ivanti-endpoint-manager
CVE-2025-10573 describes a stored Cross-Site Scripting (XSS) vulnerability present in Ivanti Endpoint Manager versions up to and including 2024 SU4 SR1. This flaw allows a malicious, unauthenticated attacker to inject and execute arbitrary JavaScript code within the context of an administrator's session. Successful exploitation requires user interaction, but the potential impact is severe due to the elevated privileges involved.
Impact and attack scenarios
The impact of CVE-2025-10573 is significant due to the potential for complete account takeover. An attacker can leverage this XSS vulnerability to execute malicious scripts within the administrator's session, granting them full control over the Ivanti Endpoint Manager system. This could lead to unauthorized access to sensitive data, modification of system configurations, deployment of malware to managed endpoints, and potentially, lateral movement within the network. The requirement for user interaction is a factor, but social engineering techniques could be employed to trick administrators into triggering the vulnerability.
Exploitation context
CVE-2025-10573 was publicly disclosed on 2025-12-09. As of this date, no public proof-of-concept (PoC) code has been released, but the vulnerability's severity and ease of exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV, but its critical CVSS score warrants close monitoring. Active campaigns targeting Ivanti Endpoint Manager are possible, given the widespread use of the product.
Who is at risk
Organizations heavily reliant on Ivanti Endpoint Manager for endpoint management and security are at significant risk. Specifically, environments with limited security awareness training among administrators, or those using older, unpatched versions of the software, are particularly vulnerable. Shared hosting environments where multiple users share the same Ivanti Endpoint Manager instance also face increased risk.
Detection steps
• windows / supply-chain: Monitor Ivanti Endpoint Manager logs for unusual JavaScript execution patterns. Use Windows Defender to scan for suspicious scripts. Get-WinEvent has no -Filter parameter; the event-log query is expressed with -FilterHashtable:
  Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Ivanti Endpoint Manager'; Id=1001} | Where-Object {$_.Message -match 'javascript:'}
• linux / server: Monitor web server access logs for requests containing suspicious JavaScript code.
• wordpress / composer / npm: N/A - This vulnerability is not related to WordPress, Composer, or npm.
• database (mysql, redis, mongodb, postgresql): N/A - This vulnerability is not related to databases.
• generic web: Use curl to test endpoints for XSS vulnerabilities. Inspect response headers for unusual content.
  echo '<script>alert("XSS")</script>' | curl -X POST -d @- https://your-ivanti-endpoint-manager/some-endpoint
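The access-log step above (linux / server) needs more than a literal string match, because injected payloads usually arrive percent-encoded and sometimes double-encoded. The scanner below is an added example, not code from this page or from Ivanti: it assumes Apache/nginx combined log format, and the hosts, paths and requests are constructed samples rather than real Ivanti Endpoint Manager endpoints.

```python
import re
from urllib.parse import unquote_plus

# Indicators of injected JavaScript, applied after URL-decoding so that
# percent-encoded payloads (%3Cscript%3E, javascript%3A) are not missed.
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"""(?:^|[\s"'/])on[a-z]+\s*=""", re.I),  # inline handlers such as onerror=
    re.compile(r"<\s*(?:img|svg|iframe)\b", re.I),
]

# Apache/nginx combined log format: host ident user [time] "method path proto" status ...
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_layers(value, max_rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return a dict describing the first matching indicator, or None if the line is clean."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    path = decode_layers(m.group("path"))
    for pat in XSS_PATTERNS:
        if pat.search(path):
            return {"host": m.group("host"), "time": m.group("time"), "method": m.group("method"),
                    "status": m.group("status"), "path": path, "pattern": pat.pattern}
    return None

def scan_log(lines):
    return [hit for hit in map(scan_line, lines) if hit]

# Constructed sample lines; the /console/... paths are placeholders, not real Ivanti endpoints.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Dec/2025:10:00:01 +0000] "GET /console/login HTTP/1.1" 200 1834 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [09/Dec/2025:10:00:07 +0000] "GET /console/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.9 - - [09/Dec/2025:10:00:09 +0000] "POST /console/profile?name=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 302 0 "-" "curl/8.0"',
    '10.0.0.5 - - [09/Dec/2025:10:00:15 +0000] "GET /console/settings?onboarding=1 HTTP/1.1" 200 2200 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["host"]} {hit["method"]} {hit["path"]} -> {hit["pattern"]}')
```

Standard access logs record only the request line, so a stored payload submitted in a POST body is invisible here unless request bodies are logged at the reverse proxy or WAF.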
Attack timeline
- Disclosure
Threat intelligence
Exploitation status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
What do these metrics mean?
- Attack Vector: Network. Exploitable remotely over the internet with no physical or local access required; the largest attack surface.
- Attack Complexity: Low. No special conditions are needed and the vulnerability can be exploited reliably.
- Privileges Required: None. No authentication or credentials are needed to exploit it.
- User Interaction: Required. The victim must open a file, click a link or visit a crafted page.
- Scope: Changed. The attack can reach beyond the vulnerable component and affect other systems.
- Confidentiality: High. Total loss of confidentiality; the attacker can read all data.
- Integrity: High. The attacker can write, modify or delete any data.
- Availability: High. Complete crash or resource exhaustion; total denial of service.
Affected software
Weakness classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigations and workarounds
The primary mitigation for CVE-2025-10573 is to upgrade Ivanti Endpoint Manager to a version that includes the security patch. Ivanti has not yet released a fixed version as of the publication date. Until a patch is available, consider implementing temporary workarounds such as strict input validation on all user-supplied data, particularly in areas where administrator privileges are required. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can also provide a layer of defense. Regularly review and audit administrator access controls to minimize the potential impact of a successful attack.
Remediation
Update Ivanti Endpoint Manager to a version later than 2024 SU4 SR1 to fix the stored XSS vulnerability. This prevents remote, unauthenticated attackers from executing arbitrary JavaScript in the context of an administrator's session. See the Ivanti security advisory for further details and upgrade instructions.
Frequently asked questions
What is CVE-2025-10573 — XSS in Ivanti Endpoint Manager?
CVE-2025-10573 is a critical stored XSS vulnerability affecting Ivanti Endpoint Manager versions up to 2024 SU4 SR1, allowing attackers to execute JavaScript in an administrator session.
Am I affected by CVE-2025-10573 in Ivanti Endpoint Manager?
You are affected if you are using Ivanti Endpoint Manager versions 2024 SU4 SR1 or earlier. Upgrade to a patched version as soon as it becomes available.
How do I fix CVE-2025-10573 in Ivanti Endpoint Manager?
The recommended fix is to upgrade to a patched version of Ivanti Endpoint Manager. Monitor Ivanti's security advisories for the release of a fix.
Is CVE-2025-10573 being actively exploited?
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation. Monitor your systems closely.
Where can I find the official Ivanti advisory for CVE-2025-10573?
Refer to the official Ivanti security advisory page for updates and information regarding CVE-2025-10573: [https://www.ivanti.com/support/security-advisories/]