Ivanti Product Security Update Advisory

Dec 11 2025

Overview

We have released a security update to fix vulnerabilities in Ivanti products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-10573, CVE-2025-13659, CVE-2025-13661, CVE-2025-13662

Ivanti Endpoint Manager versions: 2024 SU4 and earlier

Resolved Vulnerabilities

Stored XSS vulnerability in Ivanti Endpoint Manager (CVE-2025-10573)
Arbitrary file creation vulnerability due to improper control of dynamically managed code resources in Ivanti Endpoint Manager (CVE-2025-13659)
Path traversal vulnerability in Ivanti Endpoint Manager (CVE-2025-13661)
Password Signature Insufficient Verification Vulnerability in Ivanti Endpoint Manager (CVE-2025-13662)

Vulnerability Patches

vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-10573, CVE-2025-13659, CVE-2025-13661, CVE-2025-13662

Ivanti Endpoint Manager version: 2024 SU4 SR1

References

[1] Mozilla Foundation Security Advisory 2025-47
https://www.mozilla.org/en-US/security/advisories/mfsa2025-47/

Ivanti Product Security Update Advisory

MS Family December 2025 Security Update Advisory

Fortinet Product Security Update Advisory

Tags:

MS Family December 2025 Security Update Advisory

Fortinet Product Security Update Advisory