Ivanti EPM Update Patches Critical Remote Code Execution Flaw
The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek.
Ivanti on Tuesday announced patches for four vulnerabilities in Endpoint Manager (EPM), including a critical-severity flaw leading to remote code execution (RCE).
The security defect, tracked as CVE-2025-10573 (CVSS score of 9.6), is described as a stored cross-site scripting (XSS) issue that can be exploited without authentication.
Providing organizations with remote administration, vulnerability scanning, and management of connected systems, Ivanti EPM includes an API that consumes device scan data.
Source: https://www.securityweek.com/ivanti-epm-update-patches-critical-remote-code-execution-flaw/
Related breach coverage
- HPE Patches Critical Flaw in IT Infrastructure Management Software2025-12-18
Tracked as CVE-2025-37164, the critical flaw could allow unauthenticated, remote attackers to execute arbitrary code. The post HPE Patches Critical Flaw in IT Infrastructure Management Software appeared first on SecurityWeek.
- Ivanti Patches Exploited EPMM Zero-Days2026-01-30
The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely. The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek.
- Fortinet Patches Critical FortiSandbox Vulnerabilities2026-04-15
The flaws could allow attackers to bypass authentication or execute arbitrary code or commands via HTTP requests. The post Fortinet Patches Critical FortiSandbox Vulnerabilities appeared first on SecurityWeek.
- SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager2025-11-11
Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments. The post SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager appeared first on SecurityWeek.