CVE-2025-9872 | Ivanti Endpoint Manager - Endpoint Manager Operational Intel

Executive Risk Summary

"A remote code execution vulnerability exists in Ivanti Endpoint Manager due to insufficient filename validation, allowing an unauthenticated attacker to execute code with user interaction. This vulnerability affects versions prior to 2024 SU3 SR1 and 2022 SU8 SR2."

Operational Audit Arsenal

Target Type Executable

Target Asset Ivanti Endpoint Manager

Standard Path %programfiles%IvantiEndpoint Manager

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: Ivanti Endpoint Manager (Executable)
$Targets = 'Ivanti Endpoint Manager'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

Moderate

Internal Work Notes

Apply Ivanti Endpoint Manager patch to mitigate remote code execution vulnerability (CVE-2025-9872)

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://forums.ivanti.com/s/article/Security-Advisory-September-2025-for-Ivanti-EPM-2024-SU3-and-EPM-2022-SU8

Related Ivanti Threats

CVE-2024-11639 CVSS 10

Ivanti Cloud Services Application - Admin Web Console

CVE-2025-22467 CVSS 9.9

Ivanti Connect Secure - Connect Secure

CVE-2023-46808 CVSS 9.9

Ivanti Neurons for ITSM - File Upload Component

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.