SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00456}

epss

{'score': 0.00602}


Fri, 16 May 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti endpoint Manager
CPEs cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su6:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti endpoint Manager

Tue, 08 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 08 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
Description SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2025-04-09T04:00:30.953Z

Reserved: 2025-01-07T02:19:22.797Z

Link: CVE-2025-22461

cve-icon Vulnrichment

Updated: 2025-04-08T15:17:06.278Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-08T15:15:49.167

Modified: 2025-05-16T14:00:20.580

Link: CVE-2025-22461

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.