CVE-2025-13661NVD

Vulnerability Summary

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.

Severity Level

HIGH(7.1)

Published Date

Dec 9, 2025

Last Modified

Dec 9, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-22: Path Traversal ↗

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredLow

User InteractionRequired

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-13661NVD

Vulnerability Summary

External References