
Ivanti Released Security Update With The Fixes for Critical Endpoint Manager RCE...


  • CVE-2025-22466 (8.2, High): A reflected cross-site scripting (XSS) flaw that could let an unauthenticated remote attacker seize admin privileges; exploitation requires user interaction.
  • CVE-2025-22458 (7.8, High): A DLL hijacking issue enabling an authenticated local attacker to escalate to SYSTEM-level access.
  • CVE-2025-22461 (7.2, High): An SQL injection vulnerability allowing a remote authenticated admin to execute arbitrary code.

Other issues involve a denial-of-service risk (CVE-2025-22464), another XSS vulnerability (CVE-2025-22465), and improper certificate validation (CVE-2025-22459) that could expose limited traffic to interception.

No Known Exploits Available

Ivanti emphasized that it has no evidence of these vulnerabilities being exploited as of the disclosure date.

The issues were uncovered through its responsible disclosure program, with credit given to Paul Serban of Eviden’s SEC Consult Vulnerability Lab (CVE-2025-22458) and Kevin Salapatek of Trend Micro (CVE-2025-22461).

“We’re not aware of any customers being targeted prior to this announcement,” Ivanti said.

However, the company ...


Copyright of this story solely belongs to gbhackers.