CVE-2025-13661
📛 CVE Title
CVE-2025-13661
Description
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.
Overview
- State
- PUBLISHED
- Assigner (CNA)
- ivanti
- CVSS severity
- HIGH
- CVSS score
- 7.1 / 10
- CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H- Effective score
- 7.1 / 10 HIGH source: CNA overview
- CWE(s)
-
CWE-22 - Reserved
- 2025-11-25
- Published
- 2025-12-09 17:01 UTC
- Last updated
- 2026-02-26 17:57 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/13xxx/CVE-2025-13661.json
- Linked Threat
- CVE-2025-13661 — CVE-2025-13661
European Union Vulnerability Database ENISA EUVD
ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.
- EUVD ID
-
EUVD-2025-202288 - Assigner
- ivanti
- Published
- Dec 9, 2025, 4:01:18 PM
- Updated
- Feb 26, 2026, 4:57:04 PM
- EUVD base score (CVSS 3.1)
-
7.1 / 10
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H - EUVD-reported EPSS
- 1.2500
- Vendors
- Ivanti
- Products
-
Endpoint Manager (patch: 2024 SU4 SR1)
- Aliases
-
GHSA-jmwc-734c-7frf
ENISA description: Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Ivanti | Endpoint Manager |
2024 SU4 SR1 (unaffected)
|
— |
Remediations (10)
Remediations are stored against the linked Threat row; the list below is deduplicated across both pages.
-
web:blog.qualys.com
Key Takeaways RedSun is a critical zero-day vulnerability in Microsoft Defender that allows low-privileged users to gain SYSTEM access No patch is currently available, leaving all Defender-enabled Windows systems potentially exposed Qualys VMDR detects affected assets instantly (QID 92382) TruRisk™ Eliminate enables immediate mitigation , removing exploitability without waiting for a fix ...
2026-05-22 11:51 UTC -
web:cybersecuritynews.com
Microsoft released its final Patch Tuesday updates of 2025 on December 9, addressing 56 security vulnerabilities across Windows, Office, Exchange Server, and other components.
2026-05-22 11:51 UTC -
web:portal.msrc.microsoft.com
The Security Update Guide provides information on the latest Microsoft security updates, helping users understand and address potential vulnerabilities effectively.
2026-05-22 11:51 UTC -
web:support.servicenow.com
Overview The advisories below document publicly disclosed Common Vulnerabilities and Exposures ( CVEs ) in the Now Platform by ServiceNow. Because ServiceNow uses various methods to communicate vulnerability information, patches, and other fixes, customers should review family, security patch , and hotfix release notes, which are available at https://docs.servicenow.com, for a complete list of ...
2026-05-22 11:51 UTC -
web:www.bleepingcomputer.com
Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates.
2026-05-22 11:51 UTC -
web:www.computerworld.com
Each month, the team at Readiness analyzes the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. The company's Patch Tuesday release for February ...
2026-05-22 11:51 UTC -
web:www.maketecheasier.com
Check out the latest Windows 11 and Windows 10 update problems and their solutions, as recommended by Microsoft experts.
2026-05-22 11:51 UTC -
web:www.ninjaone.com
Catalog of Microsoft KB updates with insights on performance & user sentiment. Find out what's working, what's not, & make informed decisions.
2026-05-22 11:51 UTC -
web:www.oracle.com
This Critical Patch Update contains 374 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at October 2025 Critical Patch Update: Executive Summary and Analysis.
2026-05-22 11:51 UTC -
web:www.ultimatewindowssecurity.com
How to Detect Pass-the-Hash Attacks Blog Series Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818 Detecting Pass-the-Hash with Honeypots Catch Malware Hiding in WMI with Sysmon For of all sad words of tongue or pen, the saddest are these: 'We weren't logging' Experimenting with Windows Security: Controls for Enforcing Policies Sysmon Event IDs 1, 6, 7 Report All the ...
2026-05-22 11:51 UTC
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
Web references (0)
DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.
No web references attached yet.
AI Forensic Analysis
Only Available for Registered Users. Sign in to view.
Raw JSON
The full cvelistV5 record. Download as CVE-2025-13661.json.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T04:57:20.319548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:04.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Endpoint Manager",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "2024 SU4 SR1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required."
}
],
"value": "Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:01:18.193Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-13661",
"datePublished": "2025-12-09T16:01:18.193Z",
"dateReserved": "2025-11-25T16:14:43.701Z",
"dateUpdated": "2026-02-26T16:57:04.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}