CVE-2025-13659
published 2025-12-09

CVE-2025-13659: Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to…

Priority: P2 (63) · Severity: High · CVSS 3.1 base score: 8.8
Vector: AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H (network-reachable, low attack complexity, no privileges required, user interaction required, scope unchanged, high confidentiality/integrity/availability impact)
EPSS: 1.62% (73.0th percentile)
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.

Affected (5 ranges)

Vendor   Product                                    Version range   Fixed in
ivanti   endpoint_manager                           < 2024          2024
ivanti   endpoint_manager                           (not listed)    (not listed)
msrc     cbl_mariner_1.0_arm                        (not listed)    (not listed)
msrc     cbl_mariner_1.0_x64                        (not listed)    (not listed)
msrc     cm1_qemu-kvm_4.2.0-13_on_cbl_mariner_1.0   (not listed)    (not listed)

Note: the "< 2024 / fixed in 2024" range is coarser than the advisory text, which names 2024 SU4 SR1 as the first fixed build; check installs against the build-level version, not the year. The msrc rows carry no version range or fix on this page and come from a separate vendor rating (see CVSS provenance), so treat them as a cross-reference to verify against MSRC rather than as a confirmed affected product.
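A version check for the affected range above, as an added example (not from Ivanti or the advisory). It parses Ivanti's "YEAR SUn SRm" build strings and compares them against the fixed build named on this page. The ordering it assumes (year, then SU number, then SR number, with a missing SU or SR counting as 0) is an assumption about Ivanti's numbering, as is the literal reading of "prior to" that puts older year lines such as 2022 in scope; confirm both against the vendor advisory before acting on the result.

```python
"""Decide whether an installed Ivanti EPM build falls in the range stated on this
page ("prior to 2024 SU4 SR1"). Added example; the (year, SU, SR) ordering is an
assumption about Ivanti's build numbering, not something the advisory states."""
import re
from typing import Optional, Tuple

FIXED_IN = "2024 SU4 SR1"   # from the advisory text on this page

# "2024", "2024 SU4", "2024 SU4 SR1" (case-insensitive, whitespace-tolerant)
_VERSION = re.compile(r"^\s*(\d{4})(?:\s*SU\s*(\d+))?(?:\s*SR\s*(\d+))?\s*$",
                      re.IGNORECASE)


def parse_epm_version(text: str) -> Optional[Tuple[int, int, int]]:
    """'2024 SU4 SR1' -> (2024, 4, 1); '2024 SU4' -> (2024, 4, 0); None if unparseable."""
    m = _VERSION.match(text)
    if not m:
        return None
    year, su, sr = m.groups()
    return (int(year), int(su or 0), int(sr or 0))


def is_affected(installed: str, fixed_in: str = FIXED_IN) -> Optional[bool]:
    """True if installed < fixed_in. Returns None (not False) when a string cannot
    be parsed, so an unrecognised build is never silently reported as patched."""
    have, need = parse_epm_version(installed), parse_epm_version(fixed_in)
    if have is None or need is None:
        return None
    return have < need


if __name__ == "__main__":
    # Constructed sample inputs, not inventory data.
    for v in ("2024 SU4", "2024 SU4 SR1", "2024 SU5", "2022 SU7", "11.0.5"):
        print(f"{v!r:>16}: affected={is_affected(v)}")
```

Feed it the build string your inventory tool reports; a None result means the string did not match the expected scheme and needs a manual look rather than being counted as fixed.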

Detection & IOCs (extracted from sources)

  • The file-write primitive is reachable by a remote, unauthenticated attacker through improper control of dynamically managed code resources; monitor Ivanti Endpoint Manager servers for unexpected file creation, especially script or executable content appearing in web-accessible directories (Sysmon Event ID 11 or equivalent file-integrity telemetry).
  • User interaction is required for exploitation, so also watch for phishing or social-engineering lures aimed at users and administrators of Ivanti Endpoint Manager environments that could trigger the write.
  • Affects Ivanti Endpoint Manager prior to version 2024 SU4 SR1; 2024 SU4 SR1 is the fixed build (fix added Dec 10, 2025). Confirm the installed build rather than the product year.
  • No public exploit or CISA KEV listing as of the published date; the source cites an EPSS percentile of 77.4 as indicating elevated exploitation risk (the header of this page shows 73.0; EPSS is recomputed daily, so re-check the current value before prioritizing).
  • Classified under CWE-913 (Improper Control of Dynamically-Managed Code Resources): detection should focus on writes of dynamic code or script files that the server would subsequently load or execute.
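The detection logic the bullets describe, run over sample telemetry, as an added example that is not part of the advisory or any Ivanti tooling. It consumes Sysmon Event ID 11 (FileCreate) records rendered as JSON lines and flags executable or script content created under a web-served directory, ranking a write by the IIS worker process highest because that is the pattern of the application itself being driven to drop code. The web-root paths (the IIS default root and an assumed EPM share path), the installer allow-list, and the sample events are all assumptions constructed for the example.

```python
"""Flag file-create events matching the CWE-913 pattern from this advisory: script
or executable content appearing under a web-served directory on an Ivanti EPM
server. Added example, not from Ivanti or the advisory. Input: Sysmon Event ID 11
(FileCreate) records rendered as JSON, one per line (constructed below)."""
import json
import ntpath
from typing import Iterable, List, Optional, Tuple

# Assumed web-served locations: the IIS default root plus an assumed EPM share
# path. Replace with the directories your IIS site bindings actually serve.
WEB_ROOTS = (
    r"c:\inetpub\wwwroot",
    r"c:\program files\landesk\managementsuite\ldlogon",
)
# Extensions IIS or the OS would execute or load rather than serve as static data.
CODE_EXTS = {".aspx", ".ashx", ".asmx", ".asp", ".php", ".jsp",
             ".dll", ".exe", ".ps1", ".bat", ".vbs", ".js"}
WEB_WORKERS = {"w3wp.exe"}                  # IIS worker writing code = app abused
INSTALLERS = {"msiexec.exe", "setup.exe"}   # assumed legitimate patch-time writers


def _norm(path: str) -> str:
    """Windows paths compare case-insensitively; unify separators as well."""
    return path.replace("/", "\\").lower()


def in_web_root(path: str) -> bool:
    p = _norm(path)
    return any(p.startswith(root + "\\") for root in WEB_ROOTS)


def classify(event: dict) -> Optional[str]:
    """Severity label for one FileCreate event, or None if it is not of interest."""
    target = event.get("TargetFilename", "")
    writer = ntpath.basename(event.get("Image", "")).lower()
    ext = ntpath.splitext(_norm(target))[1]
    if not in_web_root(target) or ext not in CODE_EXTS:
        return None
    if writer in WEB_WORKERS:
        return "HIGH"      # the web app dropped executable content: web-shell pattern
    if writer in INSTALLERS:
        return "INFO"      # expected during patching; confirm against the change window
    return "MEDIUM"        # some other process wrote code into the web root


def scan(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Return (severity, utc_time, writer image, target file) for every hit."""
    hits = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        if ev.get("EventID") != 11:     # only FileCreate records
            continue
        sev = classify(ev)
        if sev:
            hits.append((sev, ev.get("UtcTime", "?"), ev.get("Image", "?"),
                         ev["TargetFilename"]))
    return hits


# Constructed sample telemetry (not real Ivanti logs): JSON-rendered Sysmon events.
SAMPLE_EVENTS = r"""
{"EventID": 11, "UtcTime": "2025-12-10 02:14:07", "Image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "TargetFilename": "C:\\inetpub\\wwwroot\\uploads\\cmd.aspx"}
{"EventID": 11, "UtcTime": "2025-12-10 02:14:09", "Image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "TargetFilename": "C:\\inetpub\\wwwroot\\images\\logo.png"}
{"EventID": 11, "UtcTime": "2025-12-10 03:00:12", "Image": "C:\\Windows\\System32\\msiexec.exe", "TargetFilename": "C:\\inetpub\\wwwroot\\bin\\Update.dll"}
{"EventID": 11, "UtcTime": "2025-12-10 03:05:41", "Image": "C:\\Windows\\System32\\notepad.exe", "TargetFilename": "C:\\Users\\admin\\notes.aspx"}
{"EventID": 1, "UtcTime": "2025-12-10 03:06:00", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"}
{"EventID": 11, "UtcTime": "2025-12-10 03:07:22", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetFilename": "C:\\Program Files\\LANDesk\\ManagementSuite\\ldlogon\\x.ashx"}
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS.splitlines()):
        print(*hit)
```

The allow-list deliberately downgrades rather than drops installer writes: an attacker who reaches code execution can launch msiexec.exe too, so those events still belong in the record, just at a lower tier.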

CVSS provenance

Source        Version   Score   Severity   Vector
nvd           v3.1      8.8     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vendor_msrc   (not listed)  2.5  LOW      (not listed)