Ivanti Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in Ivanti products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-22466, CVE-2025-22458, CVE-2025-22461
Endpoint Manager Versions: 2022 SU6 and earlier
Endpoint Manager Version: 2024
Resolved Vulnerabilities
Reflected cross-site scripting (XSS) vulnerability that could allow a remote, unauthenticated attacker to gain administrator privileges (CVE-2025-22466)
DLL hijacking vulnerability that could allow an authenticated attacker to escalate privileges to SYSTEM (CVE-2025-22458)
SQL injection vulnerability that could allow a remote, authenticated attacker with administrator privileges to execute code (CVE-2025-22461)
Vulnerability Patches
Vulnerability patches have been made available in the latest update. Follow the instructions on the site listed under References to update to the latest patched version.
CVE-2025-22466, CVE-2025-22458, CVE-2025-22461
Endpoint Manager version: 2022 SU7
Endpoint Manager version: 2024 SU1
References
[1] Security Advisory April 2025 for Ivanti EPM 2024 and EPM 2022 SU6
https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US&_gl=1*1nop70e*_gcl_au*MTM5Mjc1MzEzNC4xNzQ2NjY4ODA0