CVE-2025-43716
Published 2025-04-23
Priority: P4 · 34 · medium · 5.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
EPSS: 1.15% (63.0th percentile)
A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /client/index.php endpoint, an attacker can bypass access controls and gain unauthorized access to various endpoints such as /client/index.php%3F.php/gsb/firewall.php within the management web panel, potentially exposing sensitive device information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | landesk_management_suite | <= 4.2-1.9 | — |
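A log check for the request pattern in the description above, as an added example (not from Ivanti, GHSA, or this index). It assumes web access logs in Combined Log Format that record the raw, undecoded request target; the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format; the request target is assumed to be logged raw (undecoded).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# /client/index.php, then an encoded "?" (%3F or %3f), then ".php", then the
# path of the panel endpoint actually being requested.
BYPASS_RE = re.compile(r'^/client/index\.php%3f\.php(?P<endpoint>/[^?#]*)?', re.IGNORECASE)

def find_bypass_requests(lines):
    """Return one record per log line whose raw target matches the pattern."""
    hits = []
    for line in lines:
        entry = LOG_RE.match(line)
        if not entry:
            continue  # not a parsable access-log line
        match = BYPASS_RE.match(entry["target"])
        if not match:
            continue
        status = int(entry["status"])
        hits.append({
            "ip": entry["ip"], "time": entry["ts"], "status": status,
            "endpoint": match["endpoint"] or "",
            "served": 200 <= status < 300,  # a 2xx means content was returned
        })
    return hits

def summarize(hits):
    """Group hits by client: attempt count and the endpoints that were served."""
    out = defaultdict(lambda: {"attempts": 0, "served": []})
    for h in hits:
        out[h["ip"]]["attempts"] += 1
        if h["served"] and h["endpoint"] not in out[h["ip"]]["served"]:
            out[h["ip"]]["served"].append(h["endpoint"])
    return dict(out)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Apr/2025:10:00:01 +0000] "GET /client/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Apr/2025:10:02:13 +0000] "GET /client/index.php%3F.php/gsb/firewall.php HTTP/1.1" 200 8431',
    '198.51.100.7 - - [23/Apr/2025:10:02:15 +0000] "GET /client/index.php%3f.php/gsb/firewall.php HTTP/1.1" 403 199',
    '192.0.2.10 - - [23/Apr/2025:10:05:40 +0000] "GET /client/index.php?page=status HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for ip, info in summarize(find_bypass_requests(SAMPLE_LOG)).items():
        print(ip, info)
```

The match runs on the raw target because once `%3F` is decoded to `?`, the rest of the path looks like an ordinary query string on `/client/index.php`.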
Ivanti
Ivanti Security Advisory: CVE-2025-43716
vendor_ivanti·2025-04-23·CVSS 5.8
CVE-2025-43716 [MEDIUM] CWE-180 Ivanti Security Advisory: CVE-2025-43716
CVE IDs: CVE-2025-43716
CVSS Base Score: 5.8
Severity: MEDIUM
CWEs: CWE-180
GHSA
GHSA-92h7-q9m9-98h8: A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4
ghsa_unreviewed·2025-04-23
CVE-2025-43716 [MEDIUM] CWE-180 GHSA-92h7-q9m9-98h8: A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-23
Published