Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-22464

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.

Published

2025-04-08T15:15:49.310

Last Modified

2025-05-16T14:00:22.290

Status

Analyzed

Source

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-822
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ivanti	endpoint_manager	< 2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2024	Yes

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6 Vendor Advisory (3c1d8aa1-5a33-4ea4-8992-aadd6440af75)