Three Ivanti Vulnerabilities Added to CISA’s Catalogue of Flaws


Urgent Alert: CISA Identifies Actively Exploited Vulnerabilities in Ivanti Endpoint Manager and Advantive VeraCore

CISA Warns of Exploited Vulnerabilities in Ivanti Endpoint Manager: Urgent Patching Required

In a stark alert for businesses relying on Ivanti Endpoint Manager (EPM), the Cybersecurity and Infrastructure Security Agency (CISA) has cataloged five known vulnerabilities, three of which are particularly critical EPM flaws. Recent assessments suggest these vulnerabilities are not just theoretical risks—active exploitation is already underway.

The vulnerabilities include two SQL injection issues affecting Advantive VeraCore (CVE-2025-25181 and CVE-2024-57968) as well as three absolute path traversal vulnerabilities within Ivanti’s software (CVE-2024-13159, CVE-2024-13160, CVE-2024-13161). The ramifications are significant: these flaws potentially give remote, unauthenticated attackers full server access, raising alarms for companies across the federal landscape and beyond.

Heath Renfrow, CISO and Co-founder at Fenix24, emphasized the urgency of addressing these vulnerabilities, stating, “Given our recent experiences with Ivanti’s vulnerabilities, rapid patching and continuous hardening are imperative to mitigating organizational risk.”

Chris Gray, Field CTO at Deepwatch, offered a vivid analogy for the situation, likening unpatched systems to a broken lock at home: “The dangers in not patching these flaws are very simple. Are you hoping that they’ll pick someone else?” Gray urged organizations to act immediately, suggesting that any systems susceptible to these vulnerabilities should be considered compromised.

With over 400,000 companies leveraging Ivanti’s technologies—ranging from virtual private networks to identity and access management—malicious actors see an abundance of opportunities. Experts underline that organizations must not only act swiftly to patch but also proactively search for any signs of compromise dating back to the vulnerabilities’ public disclosures.

As the cyber landscape continues to evolve, vigilance and proactive measures are more essential than ever. Companies must heed CISA’s warning and prioritize immediate actions to secure their systems.
