CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13661

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.7%

CVSS Severity

CVSS v3 Score 7.1

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024

Products affected by CVE-2025-13661

Ivanti » Endpoint Manager » Version: 2016.4

cpe:2.3:a:ivanti:endpoint_manager:2016.4
Ivanti » Endpoint Manager » Version: 2017.1

cpe:2.3:a:ivanti:endpoint_manager:2017.1
Ivanti » Endpoint Manager » Version: 2017.3

cpe:2.3:a:ivanti:endpoint_manager:2017.3
Ivanti » Endpoint Manager » Version: 2018.1

cpe:2.3:a:ivanti:endpoint_manager:2018.1
Ivanti » Endpoint Manager » Version: 2018.3

cpe:2.3:a:ivanti:endpoint_manager:2018.3
Ivanti » Endpoint Manager » Version: 2019.1

cpe:2.3:a:ivanti:endpoint_manager:2019.1
Ivanti » Endpoint Manager » Version: 2020.1

cpe:2.3:a:ivanti:endpoint_manager:2020.1
Ivanti » Endpoint Manager » Version: 2020.1.1

cpe:2.3:a:ivanti:endpoint_manager:2020.1.1
Ivanti » Endpoint Manager » Version: 2021.1

cpe:2.3:a:ivanti:endpoint_manager:2021.1
Ivanti » Endpoint Manager » Version: 2021.1.1

cpe:2.3:a:ivanti:endpoint_manager:2021.1.1
Ivanti » Endpoint Manager » Version: 2022

cpe:2.3:a:ivanti:endpoint_manager:2022
Ivanti » Endpoint Manager » Version: 2024

cpe:2.3:a:ivanti:endpoint_manager:2024
Ivanti » Endpoint Manager » Version: 7.9.1.285

cpe:2.3:a:ivanti:endpoint_manager:7.9.1.285

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13661

Products

Pricing

Contact Us