CVE-2025-22466 · CRITICAL 9.6 · EPSS p59.4%

Description

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

Scoring

CVSS 3.1: 9.6 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 1.03% probability of exploitation · percentile 59.4% · 2026-06-18T12:00:27Z
Published: 2025-04-08
Last modified: 2025-05-16

Underlying weaknesses · 1

CWE-79

References

  1. https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (cwe-79) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-8111
CVE: CVE-2025-9713
CVE: CVE-2025-22462
CVE: CVE-2025-9712
CVE: CVE-2025-9872
CVE: CVE-2025-22467
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.