CNNVD-202509-1372 Information

Sep 09, 2025 cve

CNNVD ID

CNNVD-202509-1372

CVE-2025-9872

CNNVD Published: 2025-09-09

Description (Chinese)

Ivanti Endpoint Manager（EPM）是美国Ivanti公司的一套端点安全管理器。 Ivanti Endpoint Manager 2024 SU3 SR1之前版本和2022 SU8 SR2之前版本存在安全漏洞，该漏洞源于文件名验证不足，可能导致远程代码执行。

Description (English)

Ivanti Endpoint Manager (EPM) is an end-point security manager for Ivanti USA. There is a security loophole in previous versions of Ivanti Endpoint Manager 2024 SU3 SR1 and 2022 SU8 SR2, which stems from inadequate document name verification and may result in remote code execution.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Ivanti

Published

2025-09-09

Last Modified

2026-02-24

References

https://forums.ivanti.com/s/article/Security-Advisory-September-2025-for-Ivanti-EPM-2024-SU3-and-EPM-2022-SU8

Patch

https://forums.ivanti.com/s/article/Security-Advisory-September-2025-for-Ivanti-EPM-2024-SU3-and-EPM-2022-SU8

Share on: