Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN430
_____________________________________________________________________

DATE                : 09/07/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Ivanti EPM versions prior to 
                         2022 SU8 Security Update 1, 2024 SU3.

=====================================================================
https://forums.ivanti.com/s/article/Security-Advisory-July-2025-for-Ivanti-EPM-2024-SU2-and-EPM-2022-SU8?language=en_US
_____________________________________________________________________

Security Advisory July 2025 for Ivanti EPM 2024 SU2 and EPM 2022 SU8

Primary Product
Endpoint Manager

Created Date
Jul 8, 2025 1:59:39 PM

Last Modified Date
Jul 8, 2025 2:10:50 PM


Security Advisory Ivanti EPM 2022 SU8 and EPM 2024 SU2 (Multiple CVEs) 

 
Summary 

Ivanti has released updates for Ivanti Endpoint Manager (EPM) which
addresses three high severity vulnerabilities. 

We are not aware of any customers being exploited by these
vulnerabilities at the time of disclosure. 

 
Vulnerability Details
 
CVE Number    Description    CVSS Score (Severity)     CVSS Vector 
CWE 

CVE-2025-6995    Improper use of encryption in the agent of Ivanti
Endpoint Manager before version 2024 SU3 and 2022 SU8 Security
Update 1 allows a local authenticated attacker to decrypt other
users’ passwords. 
8.4 (High) 
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 
CWE-257 

CVE-2025-6996     Improper use of encryption in the agent of Ivanti
Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update
1 allows a local authenticated attacker to decrypt other users’
passwords. 
8.4 (High) 
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 
CWE-257 

CVE-2025-7037     SQL injection in Ivanti Endpoint Manager before
version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote
authenticated attacker with admin privileges to read arbitrary
data from the database. 
7.2 (High) 
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 
CWE-89 

 

Affected Versions 

Product Name     Affected Version(s)    Resolved Version(s)   
Patch Availability 

Ivanti Endpoint Manager  2022 SU8 and prior
2022 SU8 Security Update 1     Download Available in ILS

Ivanti Endpoint Manager    2024 SU2 and prior   2024 SU3
Download Available in ILS 

 
Solution 

These vulnerabilities are resolved on the latest version of
the product and can be accessed in the licensing portal
(Login Required):  

    Ivanti Endpoint Manager 2024 SU3

    Ivanti Endpoint Manager 2022 SU8 Security Update 1

  
FAQ 

Are you aware of any active exploitation of these vulnerabilities? 

We are not aware of any customers being exploited by these
vulnerabilities prior to public disclosure. These
vulnerabilities were disclosed through our responsible
disclosure program.   

 
How can I tell if I have been compromised? 
Currently, there is no known public exploitation of this
vulnerability that could be used to provide a list of indicators
of compromise. 

What should I do if I need help?  

If you have questions after reviewing this information, you can
log a case and/or request a call via the Success Portal 

Article Number :
000100647

Article Promotion Level
Normal


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================