8.8
CVE-2025-13659
- EPSS 0.32%
- Veröffentlicht 09.12.2025 16:17:35
- Zuletzt bearbeitet 11.12.2025 17:35:16
- Quelle 3c1d8aa1-5a33-4ea4-8992-aadd64
- CVE-Watchlists
- Unerledigt
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Endpoint Manager Version < 2024
Ivanti ≫ Endpoint Manager Version2024 Update-
Ivanti ≫ Endpoint Manager Version2024 Updatesu1
Ivanti ≫ Endpoint Manager Version2024 Updatesu2
Ivanti ≫ Endpoint Manager Version2024 Updatesu3
Ivanti ≫ Endpoint Manager Version2024 Updatesu3_security_release_1
Ivanti ≫ Endpoint Manager Version2024 Updatesu4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.548 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-913 Improper Control of Dynamically-Managed Code Resources
The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.