CVE-2025-11622

Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ivanti:endpoint_manager::::::::
	cpe:2.3:a:ivanti:endpoint_manager:2024:-::::::
	cpe:2.3:a:ivanti:endpoint_manager:2024:su1::::::
	cpe:2.3:a:ivanti:endpoint_manager:2024:su2::::::
	cpe:2.3:a:ivanti:endpoint_manager:2024:su3::::::
	cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1::::::

History

15 Oct 2025, 18:56

Type	Values Removed	Values Added
References	~~() https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025 -~~	() https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025 - Vendor Advisory
CPE		cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1:::::: cpe:2.3:a:ivanti:endpoint_manager:2024:su3:::::: cpe:2.3:a:ivanti:endpoint_manager:2024:su2:::::: cpe:2.3:a:ivanti:endpoint_manager:::::::: cpe:2.3:a:ivanti:endpoint_manager:2024:su1:::::: cpe:2.3:a:ivanti:endpoint_manager:2024:-::::::
First Time		Ivanti Ivanti endpoint Manager

13 Oct 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-13 21:15

Updated : 2025-10-15 18:56

NVD link : CVE-2025-11622

Mitre link : CVE-2025-11622

CVE.ORG link : CVE-2025-11622

JSON object : View

Products Affected

ivanti

endpoint_manager

CWE

CWE-502

Deserialization of Untrusted Data

7.8 /10