CVE-2025-10918
published 2025-11-11CVE-2025-10918: Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files…
PriorityP335high7.1CVSS 3.1
AVLACLPRLUINSUCNIHAH
EPSS
0.22%
12.4th percentile
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager | < 2024 | 2024 |
| ivanti | endpoint_manager | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9pjj-6x65-w94f: Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary
ghsa_unreviewed·2025-11-11
CVE-2025-10918 [HIGH] CWE-276 GHSA-9pjj-6x65-w94f: Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk
Ivanti
Ivanti Security Advisory: CVE-2025-10918
vendor_ivanti·2025-11-11·CVSS 7.1
CVE-2025-10918 [HIGH] CWE-276 Ivanti Security Advisory: CVE-2025-10918
Ivanti Security Advisory: CVE-2025-10918
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk
CVE IDs: CVE-2025-10918
CVSS Base Score: 7.1
Severity: HIGH
CWEs: CWE-276
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-11-11
Published