cbcvebase.
CVE-2025-9712
published 2025-09-09

CVE-2025-9712: Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote…

PriorityP274high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
20.46%
97.2th percentile
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

Affected

3 ranges
VendorProductVersion rangeFixed in
ivantiendpoint_manager< 20222022
ivantiendpoint_manager
ivantiendpoint_manager

Detection & IOCsextracted from sources · hover to see the quote

  • Insufficient filename validation (CWE-434: Unrestricted Upload of File with Dangerous Type) in Ivanti Endpoint Manager — monitor for suspicious file uploads or unexpected file extensions being submitted to EPM endpoints, particularly from unauthenticated remote sources.
  • User interaction is required for exploitation — phishing or social engineering vectors targeting EPM users should be considered in detection logic (e.g., monitoring for unusual user-initiated file operations on EPM).
  • ·Vulnerable versions are Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2. Patched versions are 2024 SU3 SR1 and 2022 SU8 SR2 respectively — ensure asset inventory reflects the exact build version to confirm exposure.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.