← Back

CVE-2025-11622

nvd nist
Published: Oct 13, 2025Modified: Nov 11, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 (Secondary)

Description

Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.

Affected (6)

Ivanti
1 product
Endpoint Manager
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Ivanti
Endpoint Manager
Before 2024
Endpoint Manager
Version 2024
Endpoint Manager
Version 2024 su1
Endpoint Manager
Version 2024 su2
Endpoint Manager
Version 2024 su3
Endpoint Manager
Version 2024 su3_security_release_1

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (1)

Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Vendor Advisory

Timeline

No history available yet.