Ivanti Endpoint Manager Remote Code Execution Vulnerability Due to Insufficient Filename Validation

Vulnerability

A remote code execution vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for both the 2024 and 2022 SU6 releases. This vulnerability arises from inadequate validation of filenames, allowing an unauthenticated attacker to execute arbitrary code remotely. Exploitation of this issue requires local user interaction.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can download the security hot patch for Ivanti Endpoint Manager 2024 and 2022 SU6 from the Ivanti License System (ILS). After applying the patch, it is recommended to run 'AgentEngineHashUpdate.exe' to update the hash values in the database. For EPM 2024, the patch is cumulative and includes previous security fixes. Users should reboot the core server after applying the patch.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 0.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.