CVE-2025-11622
Description
Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.
Overview
- State: PUBLISHED
- Assigner (CNA): ivanti
- CVSS severity: HIGH
- CVSS score: 7.8 / 10
- CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Effective score: 7.8 / 10 HIGH (source: CNA overview)
- CWE(s): CWE-502
- Reserved: 2025-10-10
- Published: 2025-10-13 23:07 UTC
- Last updated: 2026-02-26 18:47 UTC
- Source: https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/11xxx/CVE-2025-11622.json
- Linked Threat: CVE-2025-11622
European Union Vulnerability Database ENISA EUVD
ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.
- EUVD ID: EUVD-2025-34086
- Assigner: ivanti
- Published: Oct 13, 2025, 9:07:50 PM
- Updated: Feb 26, 2026, 5:47:44 PM
- EUVD base score (CVSS 3.1): 7.8 / 10, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- EUVD-reported EPSS: 0.1800
- Vendors: Ivanti
- Products: Endpoint Manager (2022 SU8 SR2); Endpoint Manager (2024 SU3 SR1); Endpoint Manager (patch: 2024 SU4)
- Aliases: GHSA-rqqv-ff68-qw2w
ENISA description: Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Ivanti | Endpoint Manager | 2024 SU4 (unaffected) | — |
Remediations (10)
Remediations are stored against the linked Threat row; the list below is deduplicated across both pages.
- web:aviatrix.ai (2026-05-22 11:42 UTC)
  Microsoft's November 2025 Patch Tuesday addresses an actively exploited Windows Kernel privilege escalation (CVE-2025-62215) and critical vulnerabilities in GDI+, DirectX, and Office.
- web:cybersecuritynews.com (2026-05-22 11:42 UTC)
  Microsoft rolled out its November 2025 Patch Tuesday security updates today, addressing 63 vulnerabilities across its product and service ecosystem. Among these, one zero-day flaw has already been exploited in the wild, underscoring the urgency for organizations and users to apply patches promptly to mitigate potential threats.
- web:feedly.com (2026-05-22 11:42 UTC)
  This vulnerability affects Ivanti Endpoint Manager 2024 SU3 SR1 and earlier, but it has been remediated in Ivanti Endpoint Manager 2024 SU4. Additionally, two other vulnerabilities, CVE-2025-9713 and CVE-2025-11622, were disclosed in October 2025 and are also resolved in the latest patch.
- web:portal.msrc.microsoft.com (2026-05-22 11:42 UTC)
  The Security Update Guide provides information on the latest Microsoft security updates, helping users understand and address potential vulnerabilities effectively.
- web:www.bleepingcomputer.com (2026-05-22 11:42 UTC)
  Today is Microsoft's November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability.
- web:www.brinztech.com (2026-05-22 11:42 UTC)
  Microsoft's November 2025 Patch Tuesday fixes 63 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-62215). SAP has also released critical patches, including a 10.0 CVSS flaw (CVE-2025-42890) that requires immediate mitigation.
- web:www.crowdstrike.com (2026-05-22 11:42 UTC)
  Microsoft has released security updates for 63 vulnerabilities, including 1 zero-day and 4 critical vulnerabilities, in its November 2025 Patch Tuesday rollout.
- web:www.elevenforum.com (2026-05-22 11:42 UTC)
  October 2025 Security Updates This release consists of the following 175 Microsoft CVEs: Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations? Agere Windows Modem Driver CVE-2025-24052 Agere Windows Modem Driver CVE-2025-24990 Microsoft PowerShell CVE-2025-25004 Windows...
- web:www.nist.gov (2026-05-22 11:42 UTC)
  NIST maintains the National Vulnerability Database (NVD), a repository of information on software and hardware flaws that can compromise computer security. This is a key piece of the nation's cybersecurity infrastructure.
- web:www.tomsguide.com (2026-05-22 11:42 UTC)
  November's Patch Tuesday updates fix 63 flaws in total but two of them are critical vulnerabilities that require your immediate attention.
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025
Raw JSON
The full cvelistV5 record.
```json
{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T03:55:16.521269Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:47:44.396Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Endpoint Manager",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "2024 SU4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "<span style=\"background-color: rgb(255, 255, 255);\">Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span>"
            }
          ],
          "value": "Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T15:04:37.871Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2025-11622",
    "datePublished": "2025-10-13T21:07:50.065Z",
    "dateReserved": "2025-10-10T20:11:07.566Z",
    "dateUpdated": "2026-02-26T17:47:44.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}
```