anonhaven
Ad

CVE-2025-10918

HIGH CVSS 3.1: 7.1 EPSS 0.08%
Updated Nov 17, 2025
Ivanti
Parameter Value
CVSS 7.1 (HIGH)
Affected Versions before 2024
Fixed In 2024
Type CWE-276
Vendor Ivanti
Public PoC No

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-276

Vulnerable Products 6

Configuration From (including) Up to (excluding)
Ivanti Endpoint_Manager
cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
 2024
Ivanti Endpoint_Manager
cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*
Ivanti Endpoint_Manager
cpe:2.3:a:ivanti:endpoint_manager:2024:su1:*:*:*:*:*:*
Ivanti Endpoint_Manager
cpe:2.3:a:ivanti:endpoint_manager:2024:su2:*:*:*:*:*:*
Ivanti Endpoint_Manager
cpe:2.3:a:ivanti:endpoint_manager:2024:su3:*:*:*:*:*:*
Ivanti Endpoint_Manager
cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1:*:*:*:*:*:*

References 1

https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2025-for-EPM…
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1281

Ivanti

9.8

CVE-2025-22454

Ivanti

7.8

CVE-2024-38657

Ivanti

4.9

CVE-2025-22467

Ivanti

8.8

CVE-2024-47908

Ivanti

7.2