Three Ivanti Vulnerabilities Added to CISA’s Catalogue of Flaws

Published:

spot_img

Urgent Alert: CISA Identifies Actively Exploited Vulnerabilities in Ivanti Endpoint Manager and Advantive VeraCore

CISA Warns of Exploited Vulnerabilities in Ivanti Endpoint Manager: Urgent Patching Required

In a stark alert for businesses relying on Ivanti Endpoint Manager (EPM), the Cybersecurity and Infrastructure Security Agency (CISA) has cataloged five known vulnerabilities, three of which are particularly critical EPM flaws. Recent assessments suggest these vulnerabilities are not just theoretical risks—active exploitation is already underway.

The vulnerabilities include two SQL injection issues affecting Advantive VeraCore (CVE-2025-25181 and CVE-2024-57968) as well as three absolute path traversal vulnerabilities within Ivanti’s software (CVE-2024-13159, CVE-2024-13160, CVE-2024-13161). The ramifications are significant; these flaws allow remote, unauthenticated attackers potential full server access, raising alarms for companies across the federal landscape and beyond.

Heath Renfrow, CISO and Co-founder at Fenix24, emphasized the urgency of addressing these vulnerabilities, stating, “Given our recent experiences with Ivanti’s vulnerabilities, rapid patching and continuous hardening are imperative to mitigating organizational risk.”

Chris Gray, Field CTO at Deepwatch, painted a vivid metaphor for the situation, likening unpatched systems to a broken lock at home: “The dangers in not patching these flaws are very simple. Are you hoping that they’ll pick someone else?” Gray urged organizations to act immediately, suggesting that any systems susceptible to these vulnerabilities should be considered compromised.

With over 400,000 companies leveraging Ivanti’s technologies—ranging from virtual private networks to identity and access management—malicious actors see an abundance of opportunities. Experts underline that organizations must not only act swiftly to patch but also proactively search for any signs of compromise dating back to the vulnerabilities’ public disclosures.

As the cyber landscape continues to evolve, vigilance and proactive measures are more essential than ever. Companies must heed CISA’s warning and prioritize immediate actions to secure their systems.

spot_img

Related articles

Recent articles

Consolidation Strengthens Cybersecurity in the MENA Region Amid Rising Threats

Consolidation Strengthens cybersecurity in the MENA Region Amid Rising Threats Cybersecurity leaders are navigating an increasingly complex landscape, facing mounting pressure from regulatory bodies, evolving...

Windows Bind Link Attacks Strengthen Evasion Techniques Against EDR Tools

Windows Bind Link Attacks Strengthen Evasion Techniques Against EDR Tools Recent research from Bitdefender has unveiled critical vulnerabilities in Windows' bind link feature, demonstrating how...

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools The emergence of malicious AI models on the dark...

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India’s Semiconductor Ecosystem

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India's Semiconductor Ecosystem The Union Cabinet of India, led by Prime Minister Narendra Modi, has officially...