* Last update: 10/12/2025
* Affected software: Ivanti Endpoint Manager
→ • Affected versions: prior to version 2024 SU4 SR1
* Type:
→ • Path Traversal
→ • Remote Code Execution (RCE)
* CVE/CVSS
→ • CVE-2025-10573: CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
→ • CVE-2025-13659: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
→ • CVE-2025-13662: CVSS 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
→ • CVE-2025-13661: CVSS 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
Ivanti: https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024?language=en_US
Ivanti has released multiple security updates for its Endpoint Manager (EPM) solution that address one critical security vulnerability and three high severity vulnerabilities requiring user interaction.
CVE-2025-10573 is a critical stored Cross-Site Scripting (XSS) vulnerability which could allow a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session.
CVE-2025-13659 is an improper control of dynamically managed code resources affecting Ivanti EPM. Successful exploitation allows a remote attacker, without any authentication, to write arbitrary files to the server. This could potentially lead to remote code execution.
CVE-2025-13662 is an improper verification of cryptographic signatures in the patch management component of Ivanti EPM. Exploitation of this vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the affected system.
CVE-2025-13661 is a path traversal vulnerability which could allow a remote attacker with valid authentication to write arbitrary files outside of the intended directory, potentially compromising system integrity.
These vulnerabilities have a significant impact on confidentiality, integrity and availability of the affected systems.
CVE-2025-10573 is a stored XSS vulnerability in Ivanti EPM versions prior to 2024 SU4 SR1. The vulnerability results from improper neutralisation of user-supplied data during the generation of the web page, allowing an unauthenticated remote attacker to execute arbitrary scripts with the same privileges as the administrator, which could lead to session hijacking.
CVE-2025-13659 involves an improper control of dynamically managed code resources in Ivanti EPM versions prior to 2024 SU4 SR1. This improper control results from insufficient validation or restrictions on dynamically managed code resources, allowing attackers to inject malicious files that could lead to remote code execution.
CVE-2025-13662 is an improper verification of cryptographic signatures in the patch management component. The vulnerability affects all versions prior to Ivanti Endpoint Manager 2024 SU4 SR1. This vulnerability arises from improper verification of cryptographic signatures, allowing a remote unauthenticated attacker to execute arbitrary code on affected systems.
CVE-2025-13661 is a path traversal vulnerability affecting Ivanti Endpoint Manager prior to version 2024 SU4 SR1. The vulnerability allows a remote authenticated attacker to write arbitrary files outside of the intended directory.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
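To help prioritise that patching, the following added example (not CCB or Ivanti code) sorts an inventory of EPM release labels into vulnerable, patched and unknown against the fixed release 2024 SU4 SR1. It assumes labels of the form "<year> [SU<n>] [SR<n>]" as written on this page; the host names and inventory are constructed sample data, and any label that does not parse is held for manual review instead of being treated as patched.

```python
import re

# Fixed release named in this advisory.
FIXED_RELEASE = "2024 SU4 SR1"

# Assumed label shape: "<year> [SU<n>] [SR<n>]", e.g. "2024 SU4 SR1".
_VERSION_RE = re.compile(
    r"^\s*(?:EPM\s+)?(\d{4})(?:\s+SU\s*(\d+))?(?:\s+SR\s*(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_release(label):
    """Return (year, su, sr) as ints, or None if the label is not recognised."""
    m = _VERSION_RE.match(label)
    if not m:
        return None
    year, su, sr = m.groups()
    # A missing SU or SR component sorts before any numbered one.
    return (int(year), int(su or 0), int(sr or 0))


def triage(inventory, fixed=FIXED_RELEASE):
    """Sort hosts into 'vulnerable', 'patched' and 'unknown' buckets."""
    fixed_key = parse_release(fixed)
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, label in inventory.items():
        key = parse_release(label)
        if key is None:
            result["unknown"].append(host)      # needs manual review
        elif key < fixed_key:
            result["vulnerable"].append(host)   # prior to the fixed release
        else:
            result["patched"].append(host)
    return result


# Constructed inventory; host names and version labels are sample data.
SAMPLE_INVENTORY = {
    "epm-core-01": "2024 SU4 SR1",
    "epm-core-02": "2024 SU4",
    "epm-core-03": "2022 SU8",
    "epm-core-04": "EPM 2024 su3 sr1",
    "epm-core-05": "11.0.6.1",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```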
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version or implementing specific mitigations may protect against future exploitation, it does not remediate historic compromise.
References
Bleeping Computer: https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-endpoint-manager-code-execution-flaw/
SecurityWeek: https://www.securityweek.com/ivanti-epm-update-patches-critical-remote-code-execution-flaw/