By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Stored Cross-Site Scripting (XSS) in Ivanti Endpoint Manager (EPM)
CVSS Score: 9.6 (Critical)
Identifier: CVE-2025-10573
Exploit or Proof of Concept (PoC): None at this time
Update:
Ivanti has released security updates that address CVE-2025-10573. Administrators must update to EPM 2024 SU4 SR1 or later.
Official Ivanti advisory with patch details:
Description:
CVE-2025-10573 is caused by improper neutralization of user input within the Ivanti EPM web interface (CWE-79: Improper Neutralization of Input During Web Page Generation). An unauthenticated attacker can submit crafted registration or data-submission payloads that inject JavaScript into stored fields rendered on the administrator dashboard. When an admin opens the compromised page, the attacker-supplied script executes with full administrative context.
Mitigation Recommendation:
Patch Ivanti EPM immediately to version 2024 SU4 SR1 or later as provided in the advisory above.
Restrict access to the EPM web console to trusted administrative networks only.
Enforce MFA and review administrator account permissions; reduce the number of high-privilege accounts.
Review recent endpoint registrations, user-submitted fields, and any unexpected entries that may contain script-like or suspicious payloads.
Inspect administrator activity logs for anomalies, especially unexpected configuration changes or logins following dashboard interactions.
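As an added defender-side illustration (not RedLegg's or Ivanti's code; the record fields and values are constructed and do not reflect EPM's schema), the following Python puts the CWE-79 pattern from the description beside its output-escaped form, and runs the kind of sweep over stored fields that the review recommendation above calls for:

```python
import html
import re

# Constructed sample of stored records such as an admin dashboard might render.
# Field names and values are illustrative only, not Ivanti EPM data.
SAMPLE_RECORDS = [
    {"id": 1, "hostname": "ws-0142", "notes": "Imaged 2025-09-01"},
    {"id": 2, "hostname": "<script>document.title='x'</script>", "notes": ""},
    {"id": 3, "hostname": "lap-007", "notes": "<img src=x onerror=\"fetch('//example.invalid')\">"},
    {"id": 4, "hostname": "srv-db1", "notes": "Ticket: <b>escalated</b>"},
]

# Indicators of script-like content in a free-text field (heuristic, not exhaustive).
SCRIPT_INDICATORS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),             # inline event handlers such as onerror=
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"<\s*(iframe|object|embed|svg)\b", re.I),
]


def find_suspicious_fields(records):
    """Return (record id, field name, pattern) for each string field that looks script-like."""
    hits = []
    for rec in records:
        for field, value in rec.items():
            if not isinstance(value, str):
                continue
            for pat in SCRIPT_INDICATORS:
                if pat.search(value):
                    hits.append((rec["id"], field, pat.pattern))
                    break  # one hit per field is enough for triage
    return hits


def render_row_unsafe(rec):
    """The CWE-79 pattern: stored values concatenated straight into the page."""
    return f"<tr><td>{rec['hostname']}</td><td>{rec['notes']}</td></tr>"


def render_row_safe(rec):
    """Hardened form: every stored value is HTML-escaped at output time, including quotes."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(rec["hostname"], quote=True),
        html.escape(rec["notes"], quote=True),
    )
```

Records 2 and 3 are flagged while the harmless `<b>` markup in record 4 is not, and `render_row_safe` neutralizes the same values that `render_row_unsafe` would hand to the browser unchanged.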