Primary

Context

Ivanti Endpoint Manager Out-of-Bounds Write Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 security update for both the 2024 and 2022 SU6 releases. The vulnerability arises from an out-of-bounds write, allowing remote unauthenticated attackers to disrupt service.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, disrupting normal application functionality.

Remediation

Users can apply the January 2025 security hot patch available through the Ivanti License System (ILS) to address this vulnerability. After applying the patch, it's recommended to run 'AgentEngineHashUpdate.exe' to update the agent hashes in the database. For EPM 2024, the patch can be applied directly to the core server and remote consoles. For EPM 2022 SU6, the same process applies.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Endpoint Manager Out-of-Bounds Write Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

Ivanti Endpoint Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating