CVE-2025-13659
📛 CVE Title
CVE-2025-13659
Description
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
Overview
- State
- PUBLISHED
- Assigner (CNA)
- ivanti
- CVSS severity
- HIGH
- CVSS score
- 8.8 / 10
- CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H- Effective score
- 8.8 / 10 HIGH source: CNA overview
- CWE(s)
-
CWE-913 - Reserved
- 2025-11-25
- Published
- 2025-12-09 16:59 UTC
- Last updated
- 2026-02-26 17:57 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/13xxx/CVE-2025-13659.json
- Linked Threat
- CVE-2025-13659 — CVE-2025-13659
European Union Vulnerability Database ENISA EUVD
ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.
- EUVD ID
-
EUVD-2025-202287 - Assigner
- ivanti
- Published
- Dec 9, 2025, 3:59:18 PM
- Updated
- Feb 26, 2026, 4:57:05 PM
- EUVD base score (CVSS 3.1)
-
8.8 / 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - EUVD-reported EPSS
- 1.1700
- Vendors
- Ivanti
- Products
-
Endpoint Manager (patch: 2024 SU4 SR1)
- Aliases
-
GHSA-562r-f8r6-c7wj
ENISA description: Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Ivanti | Endpoint Manager |
2024 SU4 SR1 (unaffected)
|
— |
Remediations (10)
Remediations are stored against the linked Threat row; the list below is deduplicated across both pages.
-
web:cisa.gov
Update (08/12/ 2025 ): CISA has updated this alert to provide clarification on identifying Exchange Servers on an organization's networks and provided further guidance on running the Microsoft Exchange Health Checker. Update (08/07/ 2025 ): CISA issued Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE - 2025 -53786
2026-05-22 11:51 UTC -
web:feedly.com
Classification: Critical, Solution: Official Fix , Exploit Maturity: Not Defined, CVSSv3.1: 9.6, CVEs : CVE - 2025 -10573, CVE-2025-13659 , CVE - 2025 -13661, CVE - 2025 -13662, Summary: Ivanti has released an update for Ivanti Endpoint Manager (EPM) which addresses three high severity vulnerabilities and one critical severity vulnerability in the EPM core and remote consoles. Affected: 2024 SU4 and prior ...
2026-05-22 11:51 UTC -
web:gbhackers.com
Microsoft has released its September 2025 Patch Tuesday update, addressing a total of 81 security vulnerabilities across its product portfolio.
2026-05-22 11:51 UTC -
web:isc.sans.edu
Users should prioritize patching these vulnerabilities to prevent unauthorized code execution. Additionally, the Windows Kerberos Elevation of Privilege Vulnerability ( CVE - 2025 -53779), a disclosed zero-day, requires high privileges to exploit but could lead to domain administrator access, necessitating careful monitoring and mitigation .
2026-05-22 11:51 UTC -
web:krebsonsecurity.com
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities ...
2026-05-22 11:51 UTC -
web:portal.msrc.microsoft.com
The Security Update Guide provides information on the latest Microsoft security updates, helping users understand and address potential vulnerabilities effectively.
2026-05-22 11:51 UTC -
web:www.bleepingcomputer.com
Today is Microsoft's September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities.
2026-05-22 11:51 UTC -
web:www.csoonline.com
Forty-one of them were zero days, and researchers at Tenable estimate that elevation of privilege vulnerabilities accounted for about 38.3% of all Patch Tuesday vulnerabilities in 2025 , followed ...
2026-05-22 11:51 UTC -
web:www.oracle.com
This Critical Patch Update contains 374 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at October 2025 Critical Patch Update: Executive Summary and Analysis.
2026-05-22 11:51 UTC -
web:www.tenable.com
Key takeaways: Microsoft's 2025 Patch Tuesday releases addressed 1,130 CVEs . This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in 2025 , followed by Remote Code Execution flaws at 30.8%. 41 zero-day vulnerabilities were addressed across all Patch Tuesday releases in 2025 , including ...
2026-05-22 11:51 UTC
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
Web references (0)
DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.
No web references attached yet.
AI Forensic Analysis
Only Available for Registered Users. Sign in to view.
Raw JSON
The full cvelistV5 record. Download as CVE-2025-13659.json.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T04:57:19.152848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:05.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Endpoint Manager",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "2024 SU4 SR1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required."
}
],
"value": "Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required."
}
],
"impacts": [
{
"capecId": "CAPEC-650",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-650 Upload a Web Shell to a Web Server"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T15:59:18.340Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-13659",
"datePublished": "2025-12-09T15:59:18.340Z",
"dateReserved": "2025-11-25T16:07:00.543Z",
"dateUpdated": "2026-02-26T16:57:05.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}