CVE-2025-9712
published 2025-09-09CVE-2025-9712: Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote…
PriorityP274high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
20.46%
97.2th percentile
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager | < 2022 | 2022 |
| ivanti | endpoint_manager | — | — |
| ivanti | endpoint_manager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Insufficient filename validation (CWE-434: Unrestricted Upload of File with Dangerous Type) in Ivanti Endpoint Manager — monitor for suspicious file uploads or unexpected file extensions being submitted to EPM endpoints, particularly from unauthenticated remote sources. ↗
- →User interaction is required for exploitation — phishing or social engineering vectors targeting EPM users should be considered in detection logic (e.g., monitoring for unusual user-initiated file operations on EPM). ↗
- ·Vulnerable versions are Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2. Patched versions are 2024 SU3 SR1 and 2022 SU8 SR2 respectively — ensure asset inventory reflects the exact build version to confirm exposure. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2025-9712
vendor_ivanti·2025-09-09·CVSS 8.8
CVE-2025-9712 [HIGH] CWE-434 Ivanti Security Advisory: CVE-2025-9712
Ivanti Security Advisory: CVE-2025-9712
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
CVE IDs: CVE-2025-9712
CVSS Base Score: 8.8
Severity: HIGH
CWEs: CWE-434
GHSA
GHSA-f42q-g7jg-2p77: Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 Security Update 1 and 2022 SU8 Security Update 2 allows a remote unauthent
ghsa_unreviewed·2025-09-09
CVE-2025-9712 [HIGH] CWE-434 GHSA-f42q-g7jg-2p77: Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 Security Update 1 and 2022 SU8 Security Update 2 allows a remote unauthent
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 Security Update 1 and 2022 SU8 Security Update 2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-09
Published