Detections
Analytics
Ivanti Endpoint Manager < 2022 SU8 Security Update 1 / 2024 < 2024 SU3 July 2025 Security Update
high Nessus Plugin ID 241957
Language:
Synopsis
The instance of Ivanti Endpoint Manager running on the remote host is affected by multiple vulnerabilitiesDescription
The version of Ivanti Endpoint Manager running on the remote host is prior to 2022 SU8 Security Update 1 or 2024 prior to 2024 SU3. It is, therefore, affected by multiple vulnerabilities:- Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users' passwords. (CVE-2025-6995, CVE-2025-6996)
- SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database. (CVE-2025-7037)
Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version number of the affected dll files.
Solution
Upgrade to Ivanti Endpoint Manager 2022 SU8 Security Update 1 or 2024 SU3 or later.See Also
Plugin Details
Severity: High
ID: 241957
File Name: ivanti_endpoint_manager_EPM_2024_SU3_July_2025.nasl
Version: 1.2
Type: local
Agent: windows
Family: Windows
Published: 7/11/2025
Updated: 7/11/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6.2
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:N
CVSS Score Source: CVE-2025-6995
CVSS v3
Risk Factor: High
Base Score: 8.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Information
CPE: cpe:/a:ivanti:endpoint_manager
Required KB Items: installed_sw/Ivanti Endpoint Manager
Patch Publication Date: 7/9/2025
Vulnerability Publication Date: 7/9/2025
Reference Information
CVE: CVE-2025-6995, CVE-2025-6996, CVE-2025-7037
IAVA: 2025-A-0483