Three Ivanti Vulnerabilities Added to CISA’s Catalogue of Flaws

Global
Three Ivanti Vulnerabilities Added to CISA’s Catalogue of Flaws

Published:

Written by: Staff Editor
spot_img

Urgent Alert: CISA Identifies Actively Exploited Vulnerabilities in Ivanti Endpoint Manager and Advantive VeraCore

CISA Warns of Exploited Vulnerabilities in Ivanti Endpoint Manager: Urgent Patching Required

In a stark alert for businesses relying on Ivanti Endpoint Manager (EPM), the Cybersecurity and Infrastructure Security Agency (CISA) has cataloged five known vulnerabilities, three of which are particularly critical EPM flaws. Recent assessments suggest these vulnerabilities are not just theoretical risks—active exploitation is already underway.

The vulnerabilities include two SQL injection issues affecting Advantive VeraCore (CVE-2025-25181 and CVE-2024-57968) as well as three absolute path traversal vulnerabilities within Ivanti’s software (CVE-2024-13159, CVE-2024-13160, CVE-2024-13161). The ramifications are significant; these flaws allow remote, unauthenticated attackers potential full server access, raising alarms for companies across the federal landscape and beyond.

Heath Renfrow, CISO and Co-founder at Fenix24, emphasized the urgency of addressing these vulnerabilities, stating, “Given our recent experiences with Ivanti’s vulnerabilities, rapid patching and continuous hardening are imperative to mitigating organizational risk.”

Chris Gray, Field CTO at Deepwatch, painted a vivid metaphor for the situation, likening unpatched systems to a broken lock at home: “The dangers in not patching these flaws are very simple. Are you hoping that they’ll pick someone else?” Gray urged organizations to act immediately, suggesting that any systems susceptible to these vulnerabilities should be considered compromised.

With over 400,000 companies leveraging Ivanti’s technologies—ranging from virtual private networks to identity and access management—malicious actors see an abundance of opportunities. Experts underline that organizations must not only act swiftly to patch but also proactively search for any signs of compromise dating back to the vulnerabilities’ public disclosures.

As the cyber landscape continues to evolve, vigilance and proactive measures are more essential than ever. Companies must heed CISA’s warning and prioritize immediate actions to secure their systems.

spot_img

Related articles

Recent articles

84 Hours of Internet Blackout in Iran Amid Growing Unrest

Dark Watch
Iran's Internet Blackout: A Deepening Crisis Amid Unrest Four Days Without Connectivity Iran has plunged into a state of digital isolation as an internet blackout enters...
Read more

NSA Appoints Timothy Kosiba to Lead Cybersecurity Strategy

Resources
Appointment of Timothy Kosiba as NSA Deputy Director: A Leadership Milestone The National Security Agency (NSA) has recently announced a pivotal leadership change with the...
Read more

Comprehensive Threat Analysis of Cyber Campaigns in the UAE for H1 2025

Regional
Understanding the Cybersecurity Threat Landscape in the UAE: Insights from 2025 An analysis by Alain Penel, Vice President for the Middle East, Turkey, and CIS...
Read more

2026 Business Blast Radius: Dr. Amit Chaubey on Cyber Disruption as a Sovereign Risk

Dark Watch
The 2026 Business Blast Radius: Insights from Dr. Amit Chaubey In a recent conversation with The Cyber Express, Dr. Amit Chaubey, the Managing Director and...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com