CVE-2025-9872
published 2025-09-09
CVE-2025-9872: Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote…
Priority: P271 · high · 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 13.47% (96.0th percentile)
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager | < 2022 | 2022 |
| ivanti | endpoint_manager | — | — |
| ivanti | endpoint_manager | — | — |
Detection & IOCs
- Vulnerability class is CWE-434 (Unrestricted Upload of File with Dangerous Type) — monitor for suspicious file uploads to Ivanti Endpoint Manager endpoints, particularly files with unexpected or double extensions that bypass filename validation
- Attack is remotely exploitable by unauthenticated attackers but requires user interaction — consider alerting on unauthenticated file upload requests to Ivanti EPM web-facing components combined with subsequent process execution anomalies
- Patched versions are 2024 SU3 SR1 and 2022 SU8 SR2 — verify deployed Ivanti Endpoint Manager version is at or above these thresholds to confirm exposure
- CVSS score of 8.8 (HIGH) with CWE-434 indicates the attack vector is network-based file upload; ensure perimeter controls restrict unauthenticated access to Ivanti EPM upload functionality
GHSA
GHSA-8wf3-p67r-cxmw: Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 Security Update 1 and 2022 SU8 Security Update 2 allows a remote unauthent
ghsa_unreviewed · 2025-09-09
CVE-2025-9872 [HIGH] CWE-434 GHSA-8wf3-p67r-cxmw: Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 Security Update 1 and 2022 SU8 Security Update 2 allows a remote unauthent
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 Security Update 1 and 2022 SU8 Security Update 2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Ivanti
Ivanti Security Advisory: CVE-2025-9872
vendor_ivanti · 2025-09-09 · CVSS 8.8
CVE-2025-9872 [HIGH] CWE-434 Ivanti Security Advisory: CVE-2025-9872
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
CVE IDs: CVE-2025-9872
CVSS Base Score: 8.8
Severity: HIGH
CWEs: CWE-434
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-09-09