CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-9872

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.7%

CVSS Severity

CVSS v3 Score 8.8

References

https://forums.ivanti.com/s/article/Security-Advisory-September-2025-for-Ivanti-EPM-2024-SU3-and-EPM-2022-SU8

Products affected by CVE-2025-9872

Ivanti » Endpoint Manager » Version: 2021.1.1

cpe:2.3:a:ivanti:endpoint_manager:2021.1.1
Ivanti » Endpoint Manager » Version: 2022

cpe:2.3:a:ivanti:endpoint_manager:2022
Ivanti » Endpoint Manager » Version: 2024

cpe:2.3:a:ivanti:endpoint_manager:2024

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-9872

Products

Pricing

Contact Us