Ivanti Endpoint Manager Improper Signature Verification Vulnerability in Patch Management Component Allowing Remote Code Execution

Vulnerability

A vulnerability exists in the patch management component of Ivanti Endpoint Manager, affecting 2024 SU4 and prior versions. It arises from improper verification of cryptographic signatures, which allows a remote, unauthenticated attacker to execute arbitrary code. Exploitation requires user interaction.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Remediation

Users can upgrade to Ivanti Endpoint Manager 2024 SU4 SR1, available for download through the Ivanti License System. This update applies to both core and remote consoles.

Added: Dec 9, 2025, 8:47 PM
Updated: Dec 9, 2025, 8:47 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 10.0
exploitability: 6.0
remediation: 7.9
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.