CNVD-2025-30742 — Vulnetix

CNVD-2025-30742 PUBLISHED CVSS 9.800000190734863 CRITICAL

Ivanti EPM是一款由Ivanti公司开发的综合性端点管理解决方案。 Ivanti EPM存在绝对路径遍历漏洞，攻击者可利用该漏洞获取敏感信息。

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Ivanti	Endpoint Manager	2024 January-2025 Security Update, 2022 SU6 January-2025 Security Update

Exploit Intelligence

CIRCL seen: CVE-2024-10811 (circl-sighting)
CIRCL published-proof-of-concept: CVE-2024-10811 (circl-sighting)
CIRCL seen: CVE-2024-10811 (circl-sighting)
CIRCL seen: CVE-2024-10811 (circl-sighting)
CIRCL seen: CVE-2024-10811 (circl-sighting)
CIRCL seen: CVE-2024-10811 (circl-sighting)
https://www.horizon3.ai/attack-research/attack-blogs/ivanti-endpoint-manager-multiple-credential-coercion-vulnerabilities/ (circl)
https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 (circl)
CIRCL seen: CVE-2024-10811 (circl-sighting)
CIRCL seen: CVE-2024-10811 (circl-sighting)

…and 11 more exploits

Timeline

Jan 14, 2025 CVE Published
Jan 14, 2025 PoC Published
Jan 14, 2025 PoC Published
Jan 14, 2025 PoC Published
Jan 14, 2025 PoC Published
Jan 14, 2025 PoC Published
Jan 16, 2025 PoC Published
Jan 16, 2025 PoC Published
Jan 17, 2025 PoC Published
Jan 17, 2025 PoC Published
Jan 17, 2025 PoC Published
Jan 23, 2025 CVE ID Reserved

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›