CVE-2025-9713HIGH 8.8EPSS p96.2%

CVE-2025-9713CVE-2025-9713

Description

Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS14.49% probability of exploitation · percentile 96.2% · 2026-06-18T12:00:27Z
Published2025-10-13
Last modified2025-11-11

Underlying weaknesses· 1

CWE-22

References

  1. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025

1

TypeTargetConfidenceTier
WeaknessImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')cwe-220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-9712
CVE
CVE-2025-13661
CVE
CVE-2025-9872
CVE
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
CVE
CVE-2025-13659
CVE
CVE-2025-22466
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.