CVE-2025-13659
Published 2025-12-09
CVE-2025-13659: Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to…
Priority P2 · 63 · high · 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.62% (73.0th percentile)
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager | < 2024 | 2024 |
| ivanti | endpoint_manager | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_qemu-kvm_4.2.0-13_on_cbl_mariner_1.0 | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability allows a remote, unauthenticated attacker to write arbitrary files on the server via improper control of dynamically managed code resources; monitor for unexpected file creation events on Ivanti Endpoint Manager servers, especially in web-accessible directories.
- User interaction is required for exploitation; monitor for phishing or social-engineering vectors targeting users of Ivanti Endpoint Manager environments that could trigger the file-write primitive.
- The vulnerability affects Ivanti Endpoint Manager prior to version 2024 SU4 SR1; the patched version is 2024 SU4 SR1. Ensure the fix (added Dec 10, 2025) is applied.
- No public exploit or CISA KEV listing as of the published date; however, the EPSS exploitation probability percentile is 77.4, indicating elevated risk of exploitation in the wild.
- The vulnerability is classified under CWE-913 (Improper Control of Dynamically-Managed Code Resources), meaning detection should focus on dynamic code/script file writes on the server.
CVSS provenance
- NVD (CVSS v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- vendor_msrc: 2.5 LOW
GHSA
GHSA-562r-f8r6-c7wj: Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attac
ghsa_unreviewed · 2025-12-09 · HIGH · CWE-913
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
Ivanti
Ivanti Security Advisory: CVE-2025-13659
vendor_ivanti · 2025-12-09 · CVSS 8.8 · HIGH · CWE-913
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
CVE IDs: CVE-2025-13659
CVSS Base Score: 8.8
Severity: HIGH
CWEs: CWE-913
Microsoft
CVE-2020-13659: address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
vendor_msrc · 2020-06-09 · CVSS 2.5 · LOW · CWE-476
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
mitre: mitre
Customer Action Required: Yes
Remediati
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Ivanti warns of critical Endpoint Manager code execution flaw
blogs_bleepingcomputer · 2025-12-09 · CVSS 9.6 · CRITICAL
By Sergiu Gatlan
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely.
Ivanti delivers system and IT asset management solutions to over 40,000 companies via a network of more than 7,000 organizations worldwide. The company's EPM software is an all-in-one endpoint management tool for managing client devices across popular platforms, including Windows, macOS, Linux, Chrome OS, and IoT.
Tracked as CVE-2025-10573, this critical security flaw can be exploited by remote, unauthenticated threat actors to execute arbitrary JavaScript code through low-complexity cross-site scripting attacks tha
Wiz
CVE-2025-13659 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.8 · HIGH
## CVE-2025-13659: Ivanti Endpoint Manager vulnerability analysis and mitigation
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
Source: NVD
Score: 8.8
Published: December 9, 2025
Severity: HIGH
CNA Score: 8.8
Affected Technologies: Ivanti Endpoint Manager; Ivanti Endpoint Manager Windows Agent
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 77.4
Exploitation Probability (EPSS): 1
Affected packages and libraries: cpe:2.3:a:ivanti:endpoint_manager
Sources
Linux Seve
Wiz
CVE-2025-10573 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.6 · CRITICAL
## CVE-2025-10573: Ivanti Endpoint Manager vulnerability analysis and mitigation
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
Source: NVD
Score: 6.1
Published: December 9, 2025
Severity: MEDIUM
CNA Score: 9.6
Affected Technologies: Ivanti Endpoint Manager; Ivanti Endpoint Manager Windows Agent
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 12.3
Exploitation Probability (EPSS): N/A
Affected packages and libraries: cpe:2.3:a:ivanti:endpoint_manager
Sources
Linux Severity MEDIUM No Fix Added at: Dec 12, 2025
Windows
Wiz
CVE-2025-13661 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.8 · HIGH
## CVE-2025-13661: Ivanti Endpoint Manager vulnerability analysis and mitigation
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.
Source: NVD
Score: 8
Published: December 9, 2025
Severity: HIGH
CNA Score: 7.1
Affected Technologies: Ivanti Endpoint Manager; Ivanti Endpoint Manager Windows Agent
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 83.7
Exploitation Probability (EPSS): 2
Affected packages and libraries: cpe:2.3:a:ivanti:endpoint_manager
Sources
Linux Severity HIGH No Fix Added at: Dec 12, 2025
Windows Severity HIGH No Fix A
Wiz
CVE-2026-1602 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.8 · HIGH
## CVE-2026-1602: Ivanti Endpoint Manager vulnerability analysis and mitigation
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Source: NVD
Score: 6.5
Published: February 10, 2026
Severity: MEDIUM
CNA Score: 6.5
Affected Technologies: Ivanti Endpoint Manager; Ivanti Endpoint Manager Windows Agent
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 20.8
Exploitation Probability (EPSS): 0.1
Affected packages and libraries: cpe:2.3:a:ivanti:endpoint_manager
Sources
Linux Severity MEDIUM No Fix Added at: Feb 15, 2026
Windows Severity MEDIUM No Fix Added at: Feb 15, 2026
Linux Severity MEDIUM
Wiz
CVE-2025-13662 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.8 · HIGH
## CVE-2025-13662: Ivanti Endpoint Manager vulnerability analysis and mitigation
Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User interaction is required.
Source: NVD
Score: 7.8
Published: December 9, 2025
Severity: HIGH
CNA Score: 7.8
Affected Technologies: Ivanti Endpoint Manager; Ivanti Endpoint Manager Windows Agent
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 6.9
Exploitation Probability (EPSS): N/A
Affected packages and libraries: cpe:2.3:a:ivanti:endpoint_manager
Sources
Linux Severity HIGH No Fix Added at: Dec
Wiz
CVE-2026-1603 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.8 · HIGH
## CVE-2026-1603: Ivanti Endpoint Manager vulnerability analysis and mitigation
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Source: NVD
Score: 7.5
Published: February 10, 2026
Severity: HIGH
CNA Score: 8.6
Affected Technologies: Ivanti Endpoint Manager; Ivanti Endpoint Manager Windows Agent
Has Public Exploit: Yes
Has CISA KEV Exploit: Yes
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 98.3
Exploitation Probability (EPSS): 60.9
Affected packages and libraries: cpe:2.3:a:ivanti:endpoint_manager
Sources
Linux Severity HIGH No Fix Added at: Feb 15, 2026
Windows Severity HIGH No Fix Added at: Feb 15, 2026
Linux Severit
Published: 2025-12-09