VDB
GCVE-110-NCSC-2025-17
GCVE-110-NCSC-2025-17
Advisory PublishedCVSS 9.8/10
Ivanti heeft kwetsbaarheden verholpen in Ivanti Endpoint Manager (EPM) die aanwezig waren in versies vóór de januari 2025 beveiligingsupdates.
Weaknesses (CWE)
CWE-36Absolute Path TraversalCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-502Deserialization of Untrusted DataCWE-908Use of Uninitialized ResourceCWE-787Out-of-bounds WriteCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-434Unrestricted Upload of File with Dangerous TypeCWE-347Improper Verification of Cryptographic Signature
Risk Scores
CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| ivanti | ivanti_endpoint_manager__2024_su1 | — | — |
| ivanti | epm | — | — |
| ivanti | ivanti_endpoint_manager__2022_su6 | — | — |
| ivanti | ivanti_endpoint_manager__2024_security_patch | — | — |
| ivanti | endpoint_manager | — | — |
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.