CVE-2025-10573
Published 2025-12-09
CVE-2025-10573: Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of…
Priority: P3 · 46 · medium · CVSS 3.1 base score 6.1
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 29.49% (98.0th percentile)
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager | < 2024 | 2024 |
| ivanti | endpoint_manager | — | — |
Ivanti
Ivanti Security Advisory: CVE-2025-10573
vendor_ivanti · 2025-12-09 · CVSS 9.6 · [CRITICAL] · CWE-79
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
CVE IDs: CVE-2025-10573
CVSS Base Score: 9.6
Severity: CRITICAL
CWEs: CWE-79
GHSA
GHSA-vc8q-w37r-fmjc: Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the co
ghsa_unreviewed · 2025-12-09 · [CRITICAL] · CWE-79
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
Suricata
ET WEB_SPECIFIC_APPS Ivanti EPM postcgi.exe Multiple Parameter Cross Site Scripting Attempt (CVE-2025-10573)
suricata · 2025-12-09 · CVSS 9.6 · [CRITICAL]
Rule (as indexed; the reference list is cut off at the end of the signature):
```
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Ivanti EPM postcgi.exe Multiple Parameter Cross Site Scripting Attempt (CVE-2025-10573)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:61; content:"/incoming/postcgi.exe|3f|prefix|3d|ldscan|26|suffix|3d 2e|scn|26|name|3d|scan"; fast_pattern; http.request_body; content:"|3d|INJECT|22|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,www.rapid7.com/blog/post/cve-2025-10573-ivanti-epm-unauthenticated-stored-cross-site-scripting-fixed/; reference:cve,2025-10
```
No public exploits indexed.
Bleepingcomputer
Ivanti warns of critical Endpoint Manager code execution flaw
blogs_bleepingcomputer · 2025-12-09 · CVSS 9.6 · [CRITICAL]
By Sergiu Gatlan
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely.
Ivanti delivers system and IT asset management solutions to over 40,000 companies via a network of more than 7,000 organizations worldwide. The company's EPM software is an all-in-one endpoint management tool for managing client devices across popular platforms, including Windows, macOS, Linux, Chrome OS, and IoT.
Tracked as CVE-2025-10573, this critical security flaw can be exploited by remote, unauthenticated threat actors to execute arbitrary JavaScript code through low-complexity cross-site scripting attacks tha
Wiz
CVE-2025-10573 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.6 · [CRITICAL]
## CVE-2025-10573: Ivanti Endpoint Manager vulnerability analysis and mitigation
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
Source: NVD
Score: 6.1
Published: December 9, 2025
Severity: MEDIUM
CNA Score: 9.6
Affected Technologies: Ivanti Endpoint Manager; Ivanti Endpoint Manager Windows Agent
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 12.3
Exploitation Probability (EPSS): N/A
Affected packages and libraries: cpe:2.3:a:ivanti:endpoint_manager
Sources:
| Platform | Severity | Fix | Added at |
|---|---|---|---|
| Linux | MEDIUM | No Fix | Dec 12, 2025 |
| Windows | — | — | — |
Published 2025-12-09