Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: Multiple vulnerabilities in Ivanti Endpoint Manager Mobile, Patch Immediately!
Image
Published : 15/10/2025
* Last update: 15/10/2025
* Affected software: Ivanti Endpoint Manager Mobile < 12.6.0.2 12.5.0.4 12.4.0.4
* Type:
→ CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
→ CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
* CVE/CVSS
→ CVE-2025-10242: CVSS 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-10243: CVSS 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-10985: CVSS 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-10986: CVSS 4.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
Sources
Risks
Multiple vulnerabilities in Ivanti Endpoint Manager Mobile could allow authenticated attackers to achieve remote code execution.
Attackers can then further compromise interconnected devices, such as managed mobile devices.
This vulnerability has a high impact on the confidentiality, integrity and availability of Invanti Endpoint Manager Mobile and the further managed devices.
Description
CVE-2025-10242, CVE-2025-10243, CVE-2025-10985 are high-severity vulnerabilities that allow remote authenticated attackers to perform OS command injection in the admin panel of Ivanti EPMM.
CVE-2025-10986 is a medium-severity vulnerability that allows path traversal in the admin panel of Ivanti. A remote authenticated attacker with admin privileges can write data to unintended locations on the disk.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
The Centre for Cybersecurity Belgium strongly recommends following the Ivanti advisory and updating to the latest version of Ivanti EPMM.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version or implementing specific mitigations may protect against future exploitation, it does not remediate historic compromise.
References
NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-10242
NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-10243
NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-10985
NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-10986