Critical Flaws Discovered in Ivanti Endpoint Manager

Security researchers have uncovered four distinct vulnerabilities affecting Ivanti Endpoint Manager (EPM), prompting the vendor to release emergency patches for its enterprise management platform. The disclosure coincides with December's Patch Tuesday, when major technology vendors traditionally publish their monthly security updates.

Severity Breakdown: One Critical, Three High-Risk Issues

The most severe vulnerability, tracked as CVE-2025-10573, represents a stored cross-site scripting (XSS) weakness that could enable attackers to inject and execute arbitrary JavaScript code within administrator sessions. This flaw earned a CVSS v3.0 base score of 9.6, placing it in the "Critical" severity category—the highest possible rating on the four-tier scale.

Beyond this primary concern, three additional vulnerabilities warrant immediate attention. CVE-2025-13659 allows unauthenticated attackers to write arbitrary files to the system, eliminating a crucial security barrier. Meanwhile, CVE-2025-13661 introduces a path traversal weakness, and CVE-2025-13662 stems from inadequate signature verification mechanisms. All three received "High" severity designations, with CVSS scores of 8.8, 7.1, and 7.8 respectively.

What This Means for Organizations

Endpoint management platforms like Ivanti EPM serve as central nervous systems for enterprise IT infrastructure, controlling device policies, software deployment, and security configurations across thousands of endpoints. Compromising such systems grants attackers privileged access to an organization's entire device fleet.

The stored XSS vulnerability particularly concerns security professionals because it targets administrative interfaces—precisely where damage potential multiplies exponentially. Successful exploitation could enable attackers to hijack admin sessions, modify security policies, or deploy malicious configurations across managed endpoints.

Furthermore, the unauthenticated file-write capability in CVE-2025-13659 lowers the attack barrier significantly. Attackers wouldn't need stolen credentials or social engineering tactics; they could potentially compromise systems through direct exploitation.

Immediate Action Required

Ivanti has released security updates addressing all four vulnerabilities. Organizations running Endpoint Manager should prioritize patching, particularly given the critical severity rating and the product's privileged position within enterprise networks.

This disclosure underscores an uncomfortable reality: management tools themselves increasingly become targets precisely because they offer such comprehensive system access. When defenders rely on centralized platforms for security enforcement, those platforms must maintain impeccable security postures themselves.

The timing alongside Patch Tuesday suggests coordinated disclosure, giving organizations a consolidated window for planning their update cycles. Nevertheless, the critical rating demands expedited response rather than waiting for standard maintenance windows.

Security teams should verify patch application, review logs for potential exploitation indicators, and consider temporarily restricting administrative access to EPM interfaces until updates are confirmed deployed. Given the authentication bypass characteristics of some vulnerabilities, standard access controls may prove insufficient protection.