Ivanti Product Security Update Advisory

Overview

 

We have released a security update to fix vulnerabilities in Ivanti products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-9712, CVE-2025-9872

 

Ivanti Endpoint Manager versions: 2022 SU8 Security Update 1 and earlier
Ivanti Endpoint Manager version: 2024 SU3 or earlier

 

 

Resolved Vulnerabilities

 

Remote code execution vulnerability due to insufficient filename validation in Ivanti Endpoint Manager (CVE-2025-9712)
Remote code execution vulnerability due to insufficient filename validation in Ivanti Endpoint Manager (CVE-2025-9872)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-9712, CVE-2025-9872

 

Ivanti Endpoint Manager version: 2022 SU8 Security Release 2
Ivanti Endpoint Manager version: 2024 SU3 Security Release 1

 

 

References

 

[1] Security Advisory September 2025 for Ivanti EPM 2024 SU3 and EPM 2022 SU8
https://forums.ivanti.com/s/article/Security-Advisory-September-2025-for-Ivanti-EPM-2024-SU3-and-EP..